It is very important for an attacker to know about the OS of the target.Different OS's have different stacks and kernels.The response to same message is different in different OS's so by analyzing these messages we can know about the OS in the host.Attacker sends packets made using the packet generation softwares and the target is forced to respond to it.Thus OS finger printing is done.
The techniques used for this purpose can be classified in to 2 types namely :
1) Active finger printing
2) Passive finger printing
Active fingerprinting :
steps:
A customized data packet is send to the target host.
The response generated is recorded using the packet sniffer.
The recorded response is studied and compared to known responses and OS is identified.
Fators helping us to identify the OS :
TCP initial window size of the packets.
ACK values of the packets.
Initial Sequence Number(ISN) values
Heading of overlapped fragments.
ICMP Message quoting method
ICMP Error Message quenching method
ICMP Error Message Echoing integrity
Problem:
The attacker will have to send the packets actively to the target and record its responses.
This method is not anonymous.So it may have tha attacker caught in the act.
That is why we go for Passive Fingerprinting.
TOOLS for active finger printing :
Nmap
Quso
Aping
Passive Fingerprinting :
This method is anonymous. It is very difficult to identify passive fingerprinting.
The main steps in this method are as follows :
The attacker uses a sniffer to record the data packets sent by the target.
The various parts of the response is analyzed for particular values which are specific for a particular OS.
Thus the OS of host is found out.The attacker may install the sniffer in a cafe and analyze the packets recieved while someone connects to the same computer.
The main fields studied in the passive method are:
TTL value
The window size
Don't fragment bit
Type of source (TOS)
Consider the example :
When we recieve a
windows size =9000
TOS =0
DFB =yes
then the host must be running a Win9X or Win NT
Countermeasures:
Change the default values of the parameters studied.
Mislead the attacker by giving values of another OS.
Use ACL for filtering.
Support The Ethical Hacker !! - Click Here If You Like My Contents !!!
Wednesday, November 18, 2009
Subscribe to:
Post Comments (Atom)
1 comment:
ACTIVE & FRESH CC FULLZ WITH BALANCE
Price $5 per each CC
US FRESH, TESTED & VERIFIED SSN LEADS
$1 PER EACH
$5 FOR PREMIUM DATA
CC DETAILS
=>CARD TYPE
=>FIRST NAME & LAST NAME
=>CC NUMBER
=>EXPIRY DATE
=>CVV
=>FULL ADDRESS (ZIP CODE, CITY/TOWN, STATE)
=>PHONE NUMBER,DOB,SSN
=>MOTHER'S MAIDEN NAME
=>VERIFIED BY VISA
=>CVV2
SSN LEADS INFO
First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number | Home Owner | IP Address |MMN | Income
Contact Us
-->Whatsapp > +923172721122
-->Email > leads.sellers1212@gmail.com
-->Telegram > @leadsupplier
-->ICQ > 752822040
*You can buy for your specific states too
*Payment in advance
*Hope for the long term deal
*Time wasters or cheap questioners please stay away
*If you buy leads in bulk, I'll definitely negotiate
*You can ask me for sample of Lead for demo
US DUMP TRACK 1 & 2 WITH PIN CODES ALSO AVAILABLE
Post a Comment