02233

Netværkssikkerhed
Network Security

• Introduktion
• Nessus Scan
• Nessus Questions
  • Question 1
  • Question 2
  • Question 3
  • Question4
  • Question 5
  • Question 6
  • Question 7
  • Question 8
  • Question 9
  • Question 10
  • Question 11
  • Question 12
  • Question 13
  • Question 14
  • Question 15
  • Question 16
  • Question 17
  • Question 18
  • Question 19
  • Question 20
  • Question 21
  • Question 22
  • Question 23
  • Question 24
  • Question 25
• Snort Questions
• References

Question4

How can Nessus guess which operating system is being used and how can this detection be avoided?

Nessus can use NMAP in order to guess the operating system being used. NMAP uses a technique called TCP/IP fingerprinting which detects subtleties in the underlying operating system network stack of the target. By sending a variety of TCP packets to the target, a TCP "fingerprint" can be obtained based on the TCP responses recieved. Nessus then compares the fingerprint to a database of fingerprints about many different operating systems. The system of OS identification works on the principle that different vendors implement the various RFCs for TCP responses in different ways. These differences allow NMAP to determine the OS type. Operating system detection can be avoided by

1. not advertising one's operating system as a banner each time someone tries to activate a service to the host
2. closing all ports not being used. Try to reduce the size of the "footprint".
3. only send TCP response packets to trusted sources

However, nmap has been depreceated in the latest versions of Nessus in preference for a plugin named

Bjarne D Mathiesen

Michael Pantridge

Thabet Al-Assdi

Chang Jensen