Abstract
Differences among operating systems' TCP implementations can be treated as fingerprints and used to identify the type of a remote operating system. Probing methods fall into two categories, passive and active; the paper discusses the principles behind them and the fingerprint features commonly used. It also introduces the techniques for scanning active TCP ports that probing relies on, and three methods for identifying the operating system type from TCP fingerprint features. Finally, it briefly discusses basic strategies for defending against probing based on TCP fingerprints.
Source
Radio Engineering (《无线电工程》)
2006, Issue 9, pp. 7-11 (5 pages)
Keywords
computer network
network security
probing remote operating system
TCP