Comprehensive Analysis of Operating System Fingerprinting

Added on  2023/06/10

AI Summary
This report provides an overview of operating system fingerprinting, a technique used to identify the operating system of a device on a network. It discusses both active and passive fingerprinting methods, highlighting their differences, advantages, and limitations. Active fingerprinting involves sending packets to a remote host and analyzing the responses, while passive fingerprinting analyzes network traffic without actively probing the host. The report reviews various tools and research papers related to OS fingerprinting, including early programs like 'checkos' and 'sirc', as well as the 'p0f' tool for passive fingerprinting. It also touches on masking approaches to prevent OS detection and techniques for improving the accuracy of OS detection in mobile networks. The report concludes that while both active and passive fingerprinting techniques have received significant attention, they also face challenges such as firewall and IDS blocking, and limitations in packet selection for accurate classification.
Running head: OPERATING SYSTEM FINGERPRINTING
Operating System Fingerprinting
Introduction:
Computers have become an essential part of our lives, and we use them for almost everything,
from space research to shopping. They are also used for communicating with friends through
email services and chat programs. Despite this, the security of these communications is often
not considered. Intruders do not care about the identity of the user; they aim to gain control
of computers in order to use them for launching attacks on other computers (Gu et al. 2014).
By controlling these computers, intruders are able to hide their true identity, which helps
them launch a variety of attacks, in some cases against high-profile computer systems such as
the computers at government offices or financial systems. The computer used by an individual
can be targeted even when it is connected to the internet only for playing games or sending
emails. Operating system fingerprinting is one of the techniques generally used by an attacker
in the course of compromising a user's computer. It is the process of learning which operating
system is present on a certain device (Shamsi et al. 2014). The OS can be guessed accurately by
analyzing certain protocol flags, options and the data present in the packets that a device
sends to the network.
Literature review:
After pinpointing the exact OS of a host, an attacker can launch a precise attack against the
targeted machine. In the world of buffer overflows, knowing the exact flavor and architecture
of the operating system gives the attacker the best opportunity to launch the attack. There are
two operating system fingerprinting techniques: active OS fingerprinting and passive OS
fingerprinting. Active OS fingerprinting is the process of transmitting packets to a remote
host and analyzing the corresponding replies. This allows the scanner to obtain results that
are more accurate than those of a passive scanner, and in a shorter amount of time. The
traditional approach examines the TCP/IP stack behavior of the targeted network element when it
is probed with several legitimate packets. Passive fingerprinting, by contrast, is the process
of analyzing the packets sent by a host on a network. In this case the fingerprinter acts as a
sniffer and does not put any traffic on the network. It is called passive because it does not
involve communicating with the host. From the sniffer traces of these packets it is possible to
determine the operating system that the remote host is running. Passive scanners are generally
and inherently less accurate than active scanners, and they have less control over the data
they analyze.
Various studies have been carried out on passive and active OS fingerprinting. The paper by
Gordon Lyon presents various programs, including checkos, sirc and SS. These programs are
capable of fingerprinting different kinds of operating systems, generally by making use of
TCP/IP traffic. However, these tools have certain limitations, which is the main reason they
are no longer referred to. The information available about them is also limited (Lyon, 1998).
Michal Zalewski was the first person to write about the first version of the p0f tool, which is
generally used for passive operating system fingerprinting. There are four fingerprinting
methods, applied according to the scenario. The scenarios are: “What is the system that is
connecting to yours?”, “What is the system that you are connecting to?”, “What is the system
that is refusing your connection?” and lastly “What systems do you have a connection with?”.
The p0f tool supports only the first scenario, because it detects the OS by analyzing the
headers of the initial SYN packets (Zalewski 2006).
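The SYN-header analysis described above can be shown with a small parser, as a passive sensor on one's own network would apply it. This is an added example, not code from the report or from p0f: the two signatures are illustrative values constructed here rather than entries from p0f's database, and both sample packets are constructed.

```python
# Illustrative signatures constructed for this example (not p0f's database):
# (estimated initial TTL, TCP option order) -> label
SIGNATURES = {
    (64, ("mss", "sackOK", "ts", "nop", "ws")): "Linux-like",
    (128, ("mss", "nop", "ws", "nop", "nop", "sackOK")): "Windows-like",
}
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sackOK", 8: "ts"}

# Constructed SYN packets (documentation addresses, checksums left at zero).
SYN_A = bytes.fromhex("4500003c123440003a060000c000020ac6336405"
                      "c35000500000000100000000a002721000000000"
                      "020405b40402080a000000010000000001030307")
SYN_B = bytes.fromhex("45000034432140007a060000c0000214c6336405"
                      "c351005000000001000000008002faf000000000"
                      "020405b40103030801010402")


def parse_syn(packet: bytes) -> dict:
    """Extract passive-fingerprint fields from a raw IPv4 packet carrying a TCP SYN."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = packet[(packet[0] & 0x0F) * 4:]
    if len(tcp) < 20 or tcp[13] & 0x12 != 0x02:  # SYN set, ACK clear
        raise ValueError("not an initial SYN")
    end = min((tcp[12] >> 4) * 4, len(tcp))  # end of the TCP header and options
    opts, mss, i = [], None, 20
    while i < end:
        kind = tcp[i]
        opts.append(OPT_NAMES.get(kind, f"?{kind}"))
        if kind == 0:  # end-of-options marker
            break
        length = 1 if kind == 1 else (tcp[i + 1] if i + 1 < end else 0)
        if kind != 1 and length < 2:  # every option except NOP is at least 2 bytes
            raise ValueError("malformed TCP option")
        if kind == 2 and length == 4:
            mss = int.from_bytes(tcp[i + 2:i + 4], "big")
        i += length
    # The observed TTL was decremented at each hop; round up to a common initial value.
    ttl = next(t for t in (32, 64, 128, 255) if packet[8] <= t)
    return {"ttl": ttl, "df": bool(packet[6] & 0x40), "mss": mss,
            "window": int.from_bytes(tcp[14:16], "big"), "opts": tuple(opts)}


def classify(packet: bytes) -> str:
    """Match the (TTL, option order) pair against the illustrative table."""
    fields = parse_syn(packet)
    return SIGNATURES.get((fields["ttl"], fields["opts"]), "unknown")
```

The parser rejects anything that is not an initial SYN, which reflects the limitation noted in the text: a passive sensor can only classify from the packets the host happens to send.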
Lance Spitzner, in his study, identifies what passive fingerprinting really is, what its main
functions are and the procedures by which it can be used. Spitzner also compares passive and
active fingerprinting in order to identify the similarities and differences between them
(Spitzner 2003). Additionally, he discusses the importance of knowing one's enemies and one's
own assets, because knowing the enemy makes it much easier for users to protect themselves from
any kind of danger.
Gerald A. Marin, in his study, looks at general network security, covering the crucial basics
of system security. He also describes various kinds of security attacks, such as the
Distributed Denial of Service (DDoS) attack, the land attack and many more. Along with the
attacks, he also discusses the countermeasures (Marin 2005).
Surbhie Kalia and Manider Singh, in their study, propose a masking approach for securing a
system against OS fingerprinting. The paper also discusses the major steps followed by OS
fingerprinting tools to determine the remote OS. In addition, the authors describe some active
OS fingerprinting tools, including Xprobe2 and Nmap, and discuss the countermeasures required
to prevent operating system detection (Kalia and Singh 2005).
The paper “Ambiguity Resolution via Passive OS fingerprinting” by Greg Taleck looks at how the
differences between common operating systems can be exploited to evade an Intrusion Detection
System (IDS) when attacking. He also proposes an approach that uses passive OS detection to
correctly resolve the ambiguities between different network stack implementations (Taleck
2003). The paper presents a new technique aimed at increasing the level of confidence in OS
detection, which is generally done by looking closely at TCP connection negotiations.
The paper by Vladimir Lifschitz describes ASP as the “representation of a given
computational problem by making use of logic program whose answer sets are corresponded to
the solutions, and then use that answer set solver for the purpose of finding an answer set for this
program”. In this paper a scenario is presented to support the claim that this approach is the
optimal approach, and the results obtained from ASP fingerprinting are very promising
(Lifschitz 2002). The accuracy was more than 80% when almost 95 OSs were tested.
Esfandiari, Bertossi and Gagnon, in their paper, perform OS fingerprinting using Answer Set
Programming (ASP). The main idea is to avoid using a single packet, in order to improve the
accuracy of OS detection (Gagnon, Esfandiari and Bertossi 2007).
Some work relates to mobile OSs. In the paper “OS fingerprinting and tethering detection in
mobile networks” the authors set out to improve the classification of mobile OSs, and to do so
they introduce a number of new features (Chen et al. 2014). The approach applies Bayes' rule to
perform the classification. In addition, Al-Shehari and Shahzad use machine learning, including
classification of mobile OSs such as those on smartphones, and try to improve the capabilities
of p0f classification (Al-Shehari and Shahzad 2014).
Conclusion:
In the last few years both OS fingerprinting techniques, active and passive, have received much
attention, and many new tools have been developed for these approaches. Active fingerprinting
tools are generally blocked by firewalls and IDSs. All of the tools require a number of probes
to classify the OS accurately, although some works aim to reduce the number of probes. But
there is no guarantee that the system will block the packets generated by these tools before
enough information has been obtained to classify the system accurately. The limitations of
passive fingerprinting are greater than those of active fingerprinting, because passive systems
cannot choose the type of packets they observe and therefore cannot decide which type of
information is used for the classification.
References:
Al-Shehari, T. and Shahzad, F., 2014. Improving operating system fingerprinting using machine
learning techniques. International Journal of Computer Theory and Engineering, 6(1), p.57.
Chen, Y.C., Liao, Y., Baldi, M., Lee, S.J. and Qiu, L., 2014, November. OS fingerprinting and
tethering detection in mobile networks. In Proceedings of the 2014 Conference on Internet
Measurement Conference (pp. 173-180). ACM.
Gagnon, F., Esfandiari, B. and Bertossi, L., 2007, May. A hybrid approach to operating system
discovery using answer set programming. In Integrated Network Management, 2007. IM'07.
10th IFIP/IEEE International Symposium on (pp. 391-400). IEEE.
Gu, Y., Fu, Y., Prakash, A., Lin, Z. and Yin, H., 2014. Multi-aspect, robust, and memory
exclusive guest os fingerprinting. IEEE Transactions on Cloud Computing, 2(4), pp.380-394.
Kalia, S. and Singh, M., 2005, November. Masking approach to secure systems from operating
system fingerprinting. In TENCON 2005 2005 IEEE Region 10 (pp. 1-6). IEEE.
Spitzner, L., 2003, May. Passive fingerprinting. vol. 3, pp. 1–4.
Lifschitz, V., 2002. Answer set programming and plan generation. Artificial Intelligence, 138(1-
2), pp.39-54.
Lyon, G.F., 1998. Remote OS detection via TCP/IP stack fingerprinting. Phrack Magazine,
8(54).
Marin, G.A., 2005. Network security basics. IEEE security & privacy, 3(6), pp.68-72.
Shamsi, Z., Nandwani, A., Leonard, D. and Loguinov, D., 2014, June. Hershel: single-packet os
fingerprinting. In ACM SIGMETRICS Performance Evaluation Review (Vol. 42, No. 1, pp. 195-
206). ACM.
Taleck, G., 2003, September. Ambiguity resolution via passive OS fingerprinting. In
International Workshop on Recent Advances in Intrusion Detection (pp. 192-206). Springer,
Berlin, Heidelberg.
Zalewski, M., 2006. p0f 2 README. [Online].