Remotely identifying the operating system a computer is running
Before attempting to break into your computer and take control of it, an attacker will first try to remotely identify the operating system it is running. The reason is simple: the ways to compromise a computer and take control of it depend directly on the operating system it runs.
The attacker has several ways of performing this kind of detection. Operating system detection is usually carried out during the initial phase of an attack. In this phase the attacker maps the weak points of your computer's security configuration and identifies open ports through port scanning; that information is later used to find possible vulnerabilities, by identifying the services running on your computer and their versions.
The operating system your computer is running can be detected easily unless a firewall blocks every network packet from reaching it. Otherwise, by connecting to ports that may be open on your computer (for example TCP 21 FTP, TCP 23 TELNET, TCP 25 SMTP, TCP 80 HTTP, TCP 110 POP3), the attacker can identify your operating system through protocol-specific analysis. For example, most mail servers greet a connecting client with a banner. This greeting and other headers are returned to the attacker without any authentication, and in many cases they contain the name and version of the application serving the queried port. Identifying the operating system then amounts to working out which operating system that service application runs on.
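The following is an added example, not code from the original article: a small banner audit you can run against a host you administer to see what its own greetings give away. The sample greetings for the ports listed above are constructed for the example, and the product names and OS keywords it matches are an assumed list, not an exhaustive one.

```python
import re
import socket

# Constructed sample greetings for the ports the article lists (made up for
# this example; they are not captured from any real host).
SAMPLE_BANNERS = {
    21: "220 ProFTPD 1.3.5 Server (Debian) [::ffff:10.0.0.5]\r\n",
    23: "\r\nUbuntu 22.04 LTS\r\nlogin: ",
    25: "220 mail.example.test ESMTP Postfix (Ubuntu)\r\n",
    80: "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\n\r\n",
    110: "+OK Dovecot ready.\r\n",
}

# Product names and OS words commonly seen in service greetings (assumed list).
PRODUCT = re.compile(r"ProFTPD|vsftpd|Postfix|Exim|Sendmail|Dovecot|Microsoft-IIS|Apache|nginx|OpenSSH")
OS_HINTS = {
    "Windows": re.compile(r"Microsoft-IIS|Windows|Win32|ASP\.NET"),
    "Linux": re.compile(r"Ubuntu|Debian|CentOS|Red Hat|Linux"),
    "BSD": re.compile(r"FreeBSD|OpenBSD|NetBSD"),
}

def analyse_banner(port, banner):
    """Report what a greeting reveals: product name, version and an OS hint."""
    text = banner
    if banner.startswith("HTTP/"):
        # For HTTP the telling part is the Server header, not the status line.
        m = re.search(r"^Server:\s*(.+?)\r?$", banner, re.M)
        text = m.group(1) if m else ""
    product = PRODUCT.search(text)
    software = product.group(0) if product else None
    version = None
    if software:
        v = re.search(re.escape(software) + r"[/ ]?v?(\d+(?:\.\d+)+)", text)
        version = v.group(1) if v else None
    os_hint = next((name for name, rx in OS_HINTS.items() if rx.search(banner)), None)
    return {"port": port, "software": software, "version": version,
            "os_hint": os_hint, "leaks": any((software, version, os_hint))}

def grab_banner(host, port, timeout=3.0):
    """Read the greeting one of your own services sends before any login."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if port == 80:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        return s.recv(1024).decode("latin-1", "replace")

def audit(banners):
    """Return the analysis for every port whose greeting leaks something."""
    return [r for r in (analyse_banner(p, b) for p, b in banners.items()) if r["leaks"]]

if __name__ == "__main__":
    for result in audit(SAMPLE_BANNERS):
        print(result)
```

Every one of the constructed greetings leaks at least a product name or an OS hint, which is the point: trimming the banner to a bare status line (for example `220 ready`) is what makes the audit come back empty.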
Once the operating system has been identified and a map of open ports and other security issues has been built, the attacker can move on to finding and exploiting security holes in your system. Remote identification of the operating system is therefore dangerous, although easy to perform: not in itself, but because of what comes next. There is no protective measure that works in all cases with 100% results. The best way to limit this kind of information leakage is to run a robust firewall and to use intermediary servers. These measures make the attacker's job harder, which at times pays off, but they do not guarantee protection: there are more advanced techniques for identifying the operating system, such as TCP/IP stack fingerprinting, that a well-trained attacker can use to obtain the same information about your computer and its operating system.
