IP Stack Behavior
The techniques utilized thus far have involved examining the server's public-facing services or behavior. These characteristics are easily
modified by a system administrator, and therefore may present an
unreliable identification mechanism. Fyodor (the author of nmap) has
written a detailed remote stack fingerprinting document, referenced
below.
By examining the behavior of the IP stack of the target host, we can
often distinguish between different operating systems and platforms,
and even the versions of those operating systems.
These techniques work by examining the target stack's responses to various
probes, including:
• Non-standard TCP/IP 3-way handshakes.
• Packets with non-standard IP or TCP flags.
• Various ICMP packets.
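
Seen from the receiving side, the second kind of probe stands out because ordinary TCP traffic never carries those flag combinations. The sketch below is an added example, not code from the original post: it parses raw IPv4/TCP headers and reports segments with abnormal flags. The function names, the rule set and the sample addresses (documentation ranges) are assumptions made for illustration, and only the TCP flag case is covered.

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_tcp_flags(flags):
    """Return why a flag combination is abnormal, or None if it is ordinary."""
    flags &= 0x3F                       # ignore the ECN bits (ECE/CWR)
    if flags == 0:
        return "no flags set"
    if flags & SYN and flags & FIN:
        return "SYN and FIN together"
    if flags & SYN and flags & RST:
        return "SYN and RST together"
    if flags & (FIN | PSH | URG) and not flags & ACK:
        return "FIN/PSH/URG without ACK"
    return None

def inspect_ipv4_packet(pkt):
    """Return (source_ip, reason) for a TCP segment with abnormal flags, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                     # not IPv4
    ihl = (pkt[0] & 0x0F) * 4           # IP header length in bytes
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != 6 or frag_offset or len(pkt) < ihl + 14:
        return None                     # not TCP, a later fragment, or truncated
    reason = classify_tcp_flags(pkt[ihl + 13])
    return (socket.inet_ntoa(pkt[12:16]), reason) if reason else None

def build_packet(src, flags):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

# Constructed capture: one ordinary client and one host sending odd segments.
SAMPLE_CAPTURE = [
    build_packet("198.51.100.7", SYN),
    build_packet("198.51.100.7", ACK),
    build_packet("203.0.113.5", 0),
    build_packet("203.0.113.5", SYN | FIN | PSH | URG),
    build_packet("203.0.113.5", FIN | PSH | URG),
    build_packet("198.51.100.7", FIN | ACK),
]

def scan(packets):
    """Return the (source_ip, reason) findings for a list of raw packets."""
    return [hit for hit in map(inspect_ipv4_packet, packets) if hit]

if __name__ == "__main__":
    for src, reason in scan(SAMPLE_CAPTURE):
        print(f"{src}: {reason}")
```

Several different abnormal combinations from one source within a short window are a stronger signal than any single odd segment.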