When someone with half a clue decides to attack your system, they will first try to identify the operating system. Not every attack proceeds this way -- script kiddies will probe huge address spaces looking for any system with a particular port open, on the chance that such a system runs a vulnerable service. But for the professional penetration tester or hacker, operating system (OS) identification is an essential step in probing a target: exploits, default credentials and filesystem layouts are all OS-specific.

The king of the stack fingerprinting programs today is nmap. I had often wondered exactly how Fyodor, the author of nmap, went about designing his program. In his paper on remote OS detection via TCP/IP stack fingerprinting, Fyodor mentions TCP options and how useful they are for OS identification: which options a stack sends, the values it chooses (MSS, window scale, timestamps), and the order it places them in are all implementation decisions that differ from one operating system to another. This column goes deeper into TCP options, how TCP/IP uses them, and how nmap turns them into a fingerprint.
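To make the fingerprinting idea concrete, here is an added example (my own code, not nmap's and not part of the original column) that parses the TCP header of a SYN segment, walks its options area in wire order, and reduces the options to a compact signature string. The letters used in the signature (M for MSS, N for NOP, W for window scale, S for SACK-permitted, T for timestamps, L for end-of-list) are an assumption made here in the spirit of nmap's notation; the real nmap-os-db format should be taken from nmap's own documentation. The two sample segments are constructed by hand: the first carries a typical modern option layout (MSS, SACK-permitted, timestamps, NOP, window scale) and the second carries the same options in a different order with padding NOPs, which is exactly the kind of difference a fingerprinter keys on.

```python
import struct

# TCP option kinds from the TCP specification and its extensions
# (RFC 793/9293, RFC 7323 for window scale and timestamps, RFC 2018 for SACK).
EOL, NOP, MSS, WSCALE, SACK_PERM, TIMESTAMP = 0, 1, 2, 3, 4, 8


def parse_tcp_header(segment: bytes) -> dict:
    """Split a raw TCP segment into fixed-header fields, options bytes and payload."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte fixed TCP header")
    sport, dport, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset %d" % data_offset)
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF, "window": win,
        "options": segment[20:data_offset], "payload": segment[data_offset:],
    }


def parse_tcp_options(options: bytes) -> list:
    """Walk the options area in wire order and return (name, value) tuples.
    Malformed lengths raise instead of silently looping or reading past the end."""
    opts, i, n = [], 0, len(options)
    while i < n:
        kind = options[i]
        if kind == EOL:                           # single-byte option, terminates the list
            opts.append(("EOL", None))
            break
        if kind == NOP:                           # single-byte padding option
            opts.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("truncated option header at offset %d" % i)
        length = options[i + 1]
        if length < 2 or i + length > n:
            raise ValueError("bad option length %d at offset %d" % (length, i))
        data = options[i + 2:i + length]
        if kind == MSS and len(data) == 2:
            opts.append(("MSS", struct.unpack("!H", data)[0]))
        elif kind == WSCALE and len(data) == 1:
            opts.append(("WSCALE", data[0]))
        elif kind == SACK_PERM and len(data) == 0:
            opts.append(("SACK_PERM", None))
        elif kind == TIMESTAMP and len(data) == 8:
            opts.append(("TIMESTAMP", struct.unpack("!II", data)))   # (TSval, TSecr)
        else:
            opts.append(("KIND%d" % kind, data))  # unknown or oddly sized: keep raw bytes
        i += length
    return opts


def options_signature(opts: list) -> str:
    """Compact, order-preserving signature (letters are an assumption, nmap-like in spirit)."""
    parts = []
    for name, val in opts:
        if name == "MSS":
            parts.append("M%X" % val)
        elif name == "NOP":
            parts.append("N")
        elif name == "WSCALE":
            parts.append("W%d" % val)
        elif name == "SACK_PERM":
            parts.append("S")
        elif name == "TIMESTAMP":
            tsval, tsecr = val                     # record only whether each is non-zero
            parts.append("T%d%d" % (int(tsval != 0), int(tsecr != 0)))
        elif name == "EOL":
            parts.append("L")
        else:
            parts.append("?")
    return "".join(parts)


def syn_signature(segment: bytes) -> str:
    """End to end: raw segment -> options -> signature string."""
    return options_signature(parse_tcp_options(parse_tcp_header(segment)["options"]))


# Constructed sample 1: MSS 1460, SACK-permitted, timestamps (TSecr 0 in a SYN), NOP, WS 7.
# 20 option bytes -> 40-byte header -> data offset 10 (0xA); flags = SYN (0x002).
SAMPLE_SYN_A = (
    struct.pack("!HHIIHHHH", 40000, 80, 0x11223344, 0, 0xA002, 29200, 0, 0)
    + bytes.fromhex("020405b4" "0402" "080a" "0001e240" "00000000" "01" "030307")
)

# Constructed sample 2: same option set, different order and padding:
# MSS 1460, NOP, WS 0, NOP, NOP, SACK-permitted. 12 option bytes -> data offset 8.
SAMPLE_SYN_B = (
    struct.pack("!HHIIHHHH", 1025, 80, 0x55667788, 0, 0x8002, 65535, 0, 0)
    + bytes.fromhex("020405b4" "01" "030300" "01" "01" "0402")
)

if __name__ == "__main__":
    for label, seg in (("A", SAMPLE_SYN_A), ("B", SAMPLE_SYN_B)):
        print(label, parse_tcp_options(parse_tcp_header(seg)["options"]), syn_signature(seg))
```

Both samples advertise the same four capabilities, yet they produce different signatures because the stacks that built them chose different orders, different window-scale values and different padding. That ordering is entirely the kernel's choice, not the protocol's, which is why a fingerprinter can read it as a hint about the OS. The parser also refuses options with a length below 2 or beyond the header, a check worth keeping in any tool that parses packets from untrusted peers.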

The link for this article located at Spirit.com / Rik Farrow is no longer available.