Network Security


How can Nessus guess which operating system is being used and how can this detection be avoided?

Nessus can use NMAP in order to guess the operating system being used. NMAP uses a technique called TCP/IP fingerprinting which detects subtleties in the underlying operating system network stack of the target. By sending a variety of TCP packets to the target, a TCP "fingerprint" can be obtained based on the TCP responses recieved. Nessus then compares the fingerprint to a database of fingerprints about many different operating systems. The system of OS identification works on the principle that different vendors implement the various RFCs for TCP responses in different ways. These differences allow NMAP to determine the OS type. Operating system detection can be avoided by

  1. not advertising one's operating system as a banner each time someone tries to activate a service to the host
  2. closing all ports not being used. Try to reduce the size of the "footprint".
  3. only send TCP response packets to trusted sources

However, nmap has been depreceated in the latest versions of Nessus in preference for a plugin named