+ Reply to Thread
Results 1 to 2 of 2

Thread: OS fingerprinting based on TCP/IP and DHCP traffic

  1. #1
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385

    OS fingerprinting based on TCP/IP and DHCP traffic

    Every operating system's TCP/IP stack has its own set of default values and extensions. Furthermore, a vendor ID string is sent when acquiring a network address via DHCP (option 60), and the padding and option layout on discovery packets make detection of a particular system possible even if said string is modified. Thus, it is possible to identify which OS a device is running merely by analyzing the above mentioned details. The following links, as well as looking for "OS fingerprinting" on your favorite search engine, provide more information, and means to (at least partially) shield yourself against this.

    TCP/IP stack fingerprinting - Wikipedia, the free encyclopedia
    fingerbank: Learn More
    OSfuscate: Change your Windows OS TCP/IP Fingerprint to confuse P0f, NetworkMiner, Ettercap, Nmap and other OS detection tools
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  2. Who Said Thanks:

    saebrtooth (08.11.15)

  3. #2
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Two things I've learned since making this thread.
    • Under Windows, the registry key HKLM\SYSTEM\CurrentControlSet\services\Dhcp\Parame ters\Options allows you to define options that are sent in the DHCP discover packet. However, options 12 (hostname) and 60 (class identifier) cannot be set or overriden in this manner.
    • If you edit the value of "Hostname" and "NV Hostname" under HKLM\SYSTEM\CurrentControlSet\services\Dhcp\Parame ters\Options and restart the Dhcp service, it will use the new one for option 12 without having to actually change the computer name or reboot. However, I don't know which other side effects this may have.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

+ Reply to Thread

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •