Passive OS Fingerprinting
Attack Pattern ID: 313 (Standard Attack Pattern)Typical Severity: LowStatus: Draft
+ Description

Summary

An attacker engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods it is more stealthy.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Network Layer Transport Layer Application Layer

Target Attack Surface Localities

Server-side

Target Attack Surface Types: Host

Target Functional Services

Target Functional Service 1: None
Protocol 1: Any
Related Protocol: Internet Protocol
Relationship Type
Uses Protocol
Related Protocol: User Datagram Protocol
Relationship Type
Uses Protocol
Related Protocol: lnternet Control Messaging Protocol
Relationship Type
Uses Protocol
Related Protocol: Transmission Control Protocol
Relationship Type
Uses Protocol
+ Attack Prerequisites

The ability to send and receive packets from a remote target, or the ability to passively monitor network communications.

+ Resources Required

Installing a listener on the network requires access to at least one host, and the privileges to interface with the network device.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern311Fingerprinting Remote Operating Systems 
Mechanism of Attack (primary)1000
+ References
Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". 6th Edition. McGraw Hill, ISBN: 978-0-07-161374-3. 2009.
Defense Advanced Research Projects Agency (DARPA). "RFC793 - Transmission Control Protocol". 1981. <http://www.faqs.org/rfcs/rfc793.html>.
Gordon "Fyordor" Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning". 3rd "Zero Day" Edition, . Insecure.com LLC, ISBN:978-0-9799587-1-7. 2008.
Gordon "Fyordor" Lyon. "The Art of Port Scanning". Volume: 7, Issue. 51. Phrack Magazine. 1997. <http://nmap.org/p51-11.html>.
Back to top