What is OS Fingerprinting?
Operating System (OS) Fingerprinting is the process of analyzing data packets which originate from a network in an attempt to glean intelligence to be used in later attacks. By detecting which operating system a network operates on, hackers have an easier time targeting known vulnerabilities. OS Fingerprinting can also collect configuration attributes from remote devices. This type of recon attack is usually the first step in a larger, persistent effort. Networks running old, outdated, or unpatched Operating Systems became big targets when attackers spot their weakness.
How to Recognize This Threat: To detect OS Fingerprinting, it is important to understand how it occurs. There are two types of OS Fingerprinting: Active & Passive.
In an active OS Fingerprinting attempt, attackers send a packet to a victim and then wait on a response to analyze TCP packet contents. In a passive attempt attackers act more as a “sniffer” that makes no deliberate changes or actions against the network. Passive OS Fingerprinting is a more stealth, but far slower process. NMAP is perhaps the most popular and commonly-used tool for OS Fingerprinting.
How to Prevent This Threat: The best way to prevent fingerprinting is to limit the types of traffic that your network accepts and responds to, as well as tightly control what information your network returns. By blocking timestamps, echo replies, and address masks, admins can greatly reduce the usefulness of information that attackers can exfiltrate. Our team of certified engineers can help you reduce attack surfaces on your network and ensure that your firewall and operating system are as stealth as possible.