Thread: OS fingerprinting based on TCP/IP and DHCP traffic

  1. #1
    Moderator anon's Avatar

    Every operating system's TCP/IP stack has its own set of default values and extensions. Furthermore, a vendor ID string is sent when acquiring a network address via DHCP (option 60), and the padding and option layout on discovery packets make detection of a particular system possible even if said string is modified. Thus, it is possible to identify which OS a device is running merely by analyzing the above-mentioned details. The following links, as well as looking for "OS fingerprinting" on your favorite search engine, provide more information, and means to (at least partially) shield yourself against this.

    TCP/IP stack fingerprinting - Wikipedia, the free encyclopedia
    fingerbank: Learn More
    OSfuscate: Change your Windows OS TCP/IP Fingerprint to confuse P0f, NetworkMiner, Ettercap, Nmap and other OS detection tools
    "Come visit sometime, okay? We'll always be here for you. We... we all love you."

  2. #2
    Moderator anon's Avatar
    Two things I've learned since making this thread.
    • Under Windows, the registry key HKLM\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options allows you to define options that are sent in the DHCP discover packet. However, options 12 (hostname) and 60 (class identifier) cannot be set or overridden in this manner.
    • If you edit the value of "Hostname" and "NV Hostname" under HKLM\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options and restart the Dhcp service, it will use the new one for option 12 without having to actually change the computer name or reboot. However, I don't know which other side effects this may have.
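Added example, not part of either post above: a small parser showing what a passive observer can read from a DHCP discover packet, namely the option order, options 12 and 60, and the trailing padding discussed in the thread. Option 55 (the parameter request list) is not named in the thread but is a standard DHCP option and is included here as an assumption about what "option layout" covers; the sample packets, hostnames and option list are constructed for illustration and do not reproduce any real operating system's layout.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
BOOTP_FIXED_LEN = 236               # fixed BOOTP header preceding the cookie

def dhcp_fingerprint(payload: bytes) -> dict:
    """Summarise what a passive observer can read from a DHCP message."""
    start = BOOTP_FIXED_LEN + 4
    if payload[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: not a DHCP message")
    opts, order, i = {}, [], start
    while i < len(payload):
        code = payload[i]
        if code == 0:                # pad: single byte without a length field
            i += 1
            continue
        if code == 255:              # end: everything after it is padding
            i += 1
            break
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"option {code} is truncated")
        length = payload[i + 1]
        order.append(code)
        opts.setdefault(code, payload[i + 2:i + 2 + length])
        i += 2 + length
    return {
        "option_order": order,
        "param_request_list": list(opts.get(55, b"")),
        "vendor_class": opts.get(60, b"").decode("ascii", "replace"),
        "hostname": opts.get(12, b"").decode("ascii", "replace"),
        "trailing_padding": len(payload) - i,
    }

def build_sample_discover(vendor_class: bytes, hostname: bytes) -> bytes:
    """Constructed sample DISCOVER; the option layout is made up, not a real OS's."""
    fixed = bytes([1, 1, 6, 0]) + bytes(BOOTP_FIXED_LEN - 4)
    options = [(53, b"\x01"), (61, b"\x01" + bytes(6)), (12, hostname),
               (60, vendor_class), (55, bytes([1, 3, 6, 15, 31, 33]))]
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return (fixed + MAGIC_COOKIE + body + b"\xff").ljust(300, b"\x00")

def layout_key(fp: dict) -> tuple:
    """The parts of the fingerprint that do not depend on any editable string."""
    return tuple(fp["option_order"]), tuple(fp["param_request_list"])

if __name__ == "__main__":
    stock = dhcp_fingerprint(build_sample_discover(b"MSFT 5.0", b"WS-EXAMPLE"))
    edited = dhcp_fingerprint(build_sample_discover(b"custom", b"renamed"))
    print(stock)
    print(edited)
    print("layout unchanged:", layout_key(stock) == layout_key(edited))
```

Both sample packets produce the same layout key even though options 12 and 60 differ, which is why editing those strings alone does not change what a layout-based matcher sees.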