Nowadays the levels of computer security of companies and companies worldwide have been greatly affected, so they have made the decision to increase all these levels in order to be able to provide answers of satisfactory security before any type of threat.
In order to be aware of all this information, it is necessary to apply what is the penetration test. This is because most The auditors have as their main concern power get information about the operating system that has the computer or group of computers that is being audited. In order to obtain all these data it is necessary apply the OS Fingerprinting technique.
This technique has as its main purpose analyze the footprints left by each of the operating systems on their network connections, note that no two people have the same fingerprint, the same happens in these technological equipments. That is why here we are going to explain a little more about this technique and how you can start to protect yourself from it.
What is an operating system fingerprint attack and how does it work?
In order to stop these types of attacks on computer systems it is very important to know what they are about and what their main function is. This is how the YOU Fingerprinting is a process in charge of information gathering that allows users to identify the operating system that the target computer is using.
In this way, OS fingerprinting is mainly based on the fact that each of operating systems responds differently to different malformed packages. In this way, they use a tool that allows them to be able to compare each of the answers with a database with known references, so it is possible to identify the OS that drives each of the machines.
It is also important to mention that this type of attack is also known as Fingerprints. Here it is the same as with human footprints, these they are completely unique, that is, that no technological device may have the same footprint as another. Even in fingerprints they are a lot more unique than DNA.
Therefore, this whole technique has been used as a good option to achieve an inexpensive analysis and collection of what types of OS the target teams have, since this will allow to identify them one by one.
What are the different types of OS Finger Printing attacks out there?
It should be mentioned that this type of OS Fingerprinting attack has two types, one of them is the asset and the other the liability, each of them has his own method of attack.
This is how we are going to show you what each of them consists of:
OS Fingerprinting active
This method known as the asset is responsible for making each of operating systems respond differently to a wide variety of packages that have been malformed. For this, it is responsible for using different tools that allow compare each of the responses with a specific database.
This database is used as a known reference that allows identify which OS is using each of the target computers. For this type of attack, it is very common to use tools such as Nmap, which is used by most attackers because it has a high rate of effectiveness.
Passive OS Fingerprinting
This method consists of being passive, this means that unlike the asset this does not act directly on the target computer’s operating system, but acts is in analysis of packages that are sent by the target system itself through a technique known as sniffing.
All this allows us to compare each of those packages with the database that has as a reference of all the different packages of the systems operational, as it happens in the previous method. Therefore, this allows identify
Main differences
So much the active method as the liability have different aspects to for and against each of them, in the case of Active OS turns out to be a very more direct and reliable than that which is carried out with liabilities. This is because there is a interaction directly with the target OS. However, it has a disadvantage, and that is that at the time of the interaction will usually generate network traffic on the target, which can lead to some suspicions.
Meanwhile in the OS Fingerprinting passive this is usually much quieter in that aspect so it will not generate any type of traffic and suspicions will not be present. In this case it only takes care of intercept those packets from the target operating system network. But just as the asset has its disadvantage, and that is that it ends up being more complex when obtaining a set of packages that allow OS distinction.
Learn how to protect yourself from OS Finger Printing attacks
Taking into account that in computer computers you can have a lots of data and very important information, it is essential to know and take into account all protection measures that can be used to avoid receiving any of these attacks that can be deadly for many.
Thus protection against fingerprint entry for attacks can be obtained mainly at the time of limit what is the traffic of a defensive system. All this must include what they are ICMP outbound time stamp locks, address mask block, control traffic in messages, and ICMP echo reply blocking.
You can also make use of a security tool that can be alert of any potential fingerprint, these may match another machine that has a setting Fingerprinting. You can also apply what is blocking or restricting TCPs for fingerprinting / IP provide a protection against vulnerability scanners who seek to study each of target machines.
In this way, blocking ICMP messages becomes a series of defenses more than necessary for a complete protection against attacks. You can also use a debugging tool that allows you to confuse the data from TCP / IP fingerprints. These tools are available to almost everyone OS such as Windows, FreeBSD, Linux, among others.