Currently those of companies and companies worldwide have been greatly affectedso they have made the decision to increase all these levels with the aim of being able to provide answers satisfactory security against any kind of threat.
In order to be aware of all this information, it is necessary to apply what is the penetration test. This is because most of The auditors Their main concern is power get information about the operating system that the computer or group of computers that is being audited has. In order to obtain all these data, it is necessary apply the OS Fingerprinting technique.
This technique is primarily intended analyze the traces left by each of the operating systems in your network connections, note that no two people have the same fingerprintthe same happens in these technological equipments. That is why here we are going to explain a little more about this technique and how you can begin to protect yourself from it.
What is an operating system fingerprinting attack and how does it work?
In order to stop these types of It is very important to be able to know what they are about and what their main function is. It’s like the YOU Fingerprinting is a process in charge of information gathering that allows users to identify the operating system that the target computer is using.
In this way, OS fingerprinting is based mainly on the fact that each of operating systems respond differently to different malformed packets. In this way, they use a tool that allows them to compare each of the answers with a database with known references, so it is possible to be able identify the OS who drives each of the machines.
It is also important to mention that this type of attack is also known as Fingerprints. Here it is the same as with human footprintsthese they are completely uniquethat is to say, that no technological device can have the same footprint as another. Even in fingerprints they are a lot more unique than DNA.
Therefore, all this technique has been used as a good option to achieve an inexpensive analysis and collection of what types of OS the target computers have, since this It will allow you to identify them one by one..
What are the different types of OS Finger Printing attacks that exist?
It should be mentioned that this type of OS Fingerprinting attack has two types, one of them is the active and the other the passiveeach of them has his own method of attack.
This is how we are going to show you what each of them consists of:
Active OS Fingerprinting
This method known as the asset is responsible for making each of operating systems respond differently to a wide variety of packages that have been malformed. For this, it is in charge of using different tools that allow compare each of the answers with a specific database.
This database is used as a known reference that allows identify which OS is being used by each of the target computers. For this type of attack it is very common to use tools such as nmapwhich is used by most attackers because it has a high rate of effectiveness.
Passive OS Fingerprinting
This method consists of being passivethis means that unlike the asset this does not act directly on the operating system of the target computerbut it acts is in packet analysis which are sent by the target system itself through a technique known as sniffing.
All this allows us to compare each of these packages with the database that is used as a reference of all the different packages of the systems operational, as in the previous method. Therefore, this allows to identify
Main differences
So much the active method as the passive have different aspects for and against each of themin the case of OS active turns out to be a method much more direct and reliable than the one that is carried out with the passive. This is because there is a interaction directly with the target OS. However, it has a counter, and that is that at the time of interaction will typically generate network traffic on the target, which can generate some suspicions.
Meanwhile in OS Fingerprinting passive this one is usually much quieter in that aspect so It will not generate any type of traffic and suspicions will not be present. In this case, it is only responsible for intercept those packets from the network of the target operating system. But just like the asset, it has its downside, and it ends up being more complex when obtaining a set of packages that allow OS distinction.
Learn how to protect yourself from OS Finger Printing attacks
Taking into account that in computer computers you can get one large amount of data and very important informationIt is essential to be able to know and take into account all protective measures which can be used for avoid receiving any of these attacks which can be deadly for many.
Therefore protection against fingerprint entry for attacks can be achieved mainly at the time of limit what is the traffic of a defensive system. All of this should include what they are ICMP outgoing timestamp blocks, address mask blocks, control traffic in messages, and ICMP echo reply blocks.
You can also use a security tool that can be alert of any potential fingerprintthese can coincide with another machine that has a setting Fingerprinting. You can also apply what is the blocking or restriction of TCPs for fingerprinting / IP provide a protection against vulnerability scanners who seek to study each of the target machines.
In this way, blocking ICMP messages becomes a series of defenses more than necessary for a complete protection against attacks. You can also use a debugging tool that allows you to confuse the data from fingerprints of . These tools are available to almost everyone OS such as Windows, FreeBSD, Linuxamong others.
Facebook Comments
Disqus