Identifying Operating System Using Flow-Based Traffic Fingerprinting

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8846)

Abstract

Many vulnerabilities are operating system specific. Information about the OS of every host in a network is therefore a valuable asset for network administrators. While OS detection in small networks is an easy task, expanding the same process to a large scale becomes a challenge: the weak performance of existing tools, high-speed traffic and the large number of hosts to be fingerprinted are the issues to overcome. In this paper we propose a flow-based framework for large-scale OS detection. Furthermore, we describe the implementation of the framework in a flow probe, provide a performance comparison and share remarks on deployment in a real-world network.

Keywords

OS fingerprinting, Passive, High-throughput, p0f, Flow


Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

Institute of Computer Science, Masaryk University, Brno, Czech Republic