Analysis of an active fingerprinting application of the transport layer of TCP/IP stack for remote OS detection

Authors

  • Volodymyr Mosorov, Lodz University of Technology, 18\22 Stefanowskiego str., Lodz, 90-924, Poland
  • Sebastian Biedron, Lodz University of Technology, 18\22 Stefanowskiego str., Lodz, 90-924, Poland
  • Taras Panskyi, Lodz University of Technology, 18\22 Stefanowskiego str., Lodz, 90-924, Poland

DOI:

https://doi.org/10.15587/1729-4061.2015.51352

Keywords:

TCP/IP stack, active fingerprinting, transport layer, protocol

Abstract

Looking at the number of new operating systems being developed and at their quality, we can clearly say that the cybercrime era is only just beginning. Developers are more interested in an early release of a new product than in proper protection of the previously existing one, which results in a seemingly negligible "incorrect" implementation of the TCP/IP stack. Future releases of an operating system usually keep the same irregularities, and frequently new irregularities appear in the behavior of the system under the standard scans that are carried out. In summary, the growing interest in active fingerprinting of the transport layer of the TCP/IP stack has been the motivation for this paper. Of all the protocol layers, we can conclude that TCP, because of the much unused functionality in its design, constitutes a quite large source of information on the basis of which a device can be clearly identified by a scan. In this paper different tests are presented, namely: Flag probing, Window size probing, Time of Retransmission, Options sequence, TCP Timestamp, and TCP ISN, which allowed us to estimate and analyze the reaction of different systems to them.
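The abstract names the TCP header features the probes examine: flags, window size, options sequence, timestamp and ISN. As an added illustration that is not code from the paper, the following Python parses a constructed SYN/ACK segment and extracts exactly those fields, the way a defender would check what their own host reveals to such a scan; the compact signature format is an assumption of this example, not the paper's or any tool's.

```python
import struct

# TCP option kinds (RFC 793, RFC 2018, RFC 7323)
OPT_EOL, OPT_NOP, OPT_MSS, OPT_WSCALE, OPT_SACKOK, OPT_TIMESTAMP = 0, 1, 2, 3, 4, 8
# Flag bits of the 16-bit offset/flags word, low bit first
FLAG_NAMES = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"),
              (0x10, "A"), (0x20, "U"), (0x40, "E"), (0x80, "C")]

def parse_options(raw):
    """Walk the option bytes and return (kind, value) pairs in wire order.
    The order is kept because the options sequence itself is a fingerprint feature."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == OPT_EOL:
            opts.append(("EOL", None)); break
        if kind == OPT_NOP:
            opts.append(("NOP", None)); i += 1; continue
        # Every other option carries a length byte; reject lengths that would loop or overrun
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        length, body = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        if kind == OPT_MSS and length == 4:
            opts.append(("MSS", struct.unpack("!H", body)[0]))
        elif kind == OPT_WSCALE and length == 3:
            opts.append(("WS", body[0]))
        elif kind == OPT_SACKOK and length == 2:
            opts.append(("SACK", None))
        elif kind == OPT_TIMESTAMP and length == 10:
            opts.append(("TS", struct.unpack("!II", body)))   # (TSval, TSecr)
        else:
            opts.append(("K%d" % kind, body.hex()))            # unknown kind, keep raw bytes
        i += length
    return opts

def tcp_fingerprint(segment):
    """Extract from one raw TCP segment the header fields an active fingerprinting probe compares."""
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    data_offset = (off_flags >> 12) * 4           # header length in bytes, options follow byte 20
    options = parse_options(segment[20:data_offset])
    tsval = next((v[0] for k, v in options if k == "TS"), None)
    sig = ",".join(k if v is None else "%s=%s" % (k, v[0] if k == "TS" else v) for k, v in options)
    return {"flags": "".join(n for bit, n in FLAG_NAMES if off_flags & bit),
            "window": window, "isn": seq, "options": sig, "tsval": tsval}

# Constructed SYN/ACK: 40-byte header (offset 10), window 29200, options MSS,SACK,TS,NOP,WS
SAMPLE_SYNACK = struct.pack("!HHIIHHHH", 80, 40000, 0x12345678, 1, 0xA012, 29200, 0, 0) + \
    bytes.fromhex("020405b4" "0402" "080a0001e24000000000" "01" "030307")
```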

Author Biographies

Volodymyr Mosorov, Lodz University of Technology Stefanowskiego str. 18\22, Lodz, Poland, 90-924

Doctor of Technical Sciences

Institute of Applied Computer Science

Sebastian Biedron, Lodz University of Technology 18\22 Stefanowskiego str., Lodz, Poland, 90-924

Postgraduate student

Institute of Applied Computer Science

Taras Panskyi, Lodz University of Technology 18\22 Stefanowskiego str., Lodz, Poland, 90-924

Postgraduate student

Institute of Applied Computer Science

Published

2015-10-20

How to Cite

Mosorov, V., Biedron, S., & Panskyi, T. (2015). Analysis of an active fingerprinting application of the transport layer of TCP/IP stack for remote OS detection. Eastern-European Journal of Enterprise Technologies, 5(9(77)), 36–45. https://doi.org/10.15587/1729-4061.2015.51352

Section

Information and controlling system