There was a new blog called ” Researcher fingerprinters networks to find rogue hardware” just posted, I was interested in something about fingerprinter. After researching, I found the TCP/IP stack fingerprintingfrom Wikipedia. The definition from Wikipedia is “it is the passive collection of configuration attributes from a remote device during standard layer 4 network communications.”
This is the new way for hacker to detect imformation from remote system.If you dont know what the OS is running in target system ,it is difficult to perform operations on the target system,it can not detemine the existence of security vulnerabilities ,let alone attack.
At the beginning hackers often uses some simple detection methods to gain the target system information,such as using http program,DNS,or SNMP to get a lot of useful information. But later,in the long struggle against the invasion and anti invasion ,using this simple means to get less and less information. In this case ,the simple approach has been very difficult to work,so there is a tcp/ip stack fingerprinting.
In the different operating systems,or different versions of different operaring system, it will set different defaults of some values. and those values can help you to detect the information from target machines.
I think it is good for us to know something about TCP/IP stack fingerprinting.Research this technology for improving system security and the ability to resist the invasion has inportant significance.