Fingerprinting Remote Operating Systems
Attack Pattern ID: 311 (Standard Attack Pattern)Typical Severity: LowStatus: Draft
+ Description

Summary

An attacker engages in fingerprinting activity to determine the type or version of the operating system of the remote target. Any platform, device, or server that communicates over the network will conform to one or more protocols, commonly TCP/IP and related protocols. Fingerprinting remote operating systems involves taking an "active" or a "passive" approach. Active approaches to fingerprinting involve sending data packets that break the logical or semantic rules of a protocol and observing operating system response to artificial inputs. Passive approaches involve listening to the communication of one or more nodes and identifying the operating system or firmware of the devices involved based on the structure of their messages.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Network Layer Transport Layer Application Layer

Target Attack Surface Localities

Server-side

Target Attack Surface Types: Host Service

Target Functional Services

Target Functional Service 1: None
Protocol 1: Any
Related Protocol: Internet Protocol
Relationship Type
Uses Protocol
Related Protocol: User Datagram Protocol
Relationship Type
Uses Protocol
Related Protocol: lnternet Control Messaging Protocol
Relationship Type
Uses Protocol
Related Protocol: Transmission Control Protocol
Relationship Type
Uses Protocol
+ Attack Prerequisites

None

+ Resources Required

Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern310Scanning for Vulnerable Software 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern312Active OS Fingerprinting 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern313Passive OS Fingerprinting 
Mechanism of Attack (primary)1000
+ References
Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". 6th Edition. McGraw Hill, ISBN: 978-0-07-161374-3. 2009.
Defense Advanced Research Projects Agency (DARPA). "RFC793 - Transmission Control Protocol". 1981. <http://www.faqs.org/rfcs/rfc793.html>.
Gordon "Fyordor" Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning". 3rd "Zero Day" Edition, . Insecure.com LLC, ISBN:978-0-9799587-1-7. 2008.
Gordon "Fyordor" Lyon. "The Art of Port Scanning". Volume: 7, Issue. 51. Phrack Magazine. 1997. <http://nmap.org/p51-11.html>.
Back to top