In passive OS fingerprinting, an attacker installs a sniffer on any third party such as a router on which the victim communicates frequently. Now he studies the sniffer’s log and responses, and receives hints about the remote OS with the help of the following parameters:

* TTL values: This is Time To Live Value for any packet sent by any host.
* The window size: For many operating systems, the initial window size value is fixed.
* Don’t Fragment bit (DF): Some operating systems keep the DF bit on, and some do not.
* Type of service: The type of service value varies from OS to OS.

When an attacker identifies these values from sniffer’s logs, he matches them with his database of known signatures of operating systems and receives a clue about which OS is running on the remote computer.

Explore More

Windows XP Users: Careful With That F1 Button!

Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use

Distributed Denial of Service (DDoS) Attacks

Demystifying Denial-Of-Service attacks, part one By Abhishek Singh, CISSP This paper provides an introduction to Denial of Service (DoS) attacks, their methodologies, common prevention techniques, and how they differ from

How to Detect a Hacker Attack

If a hacker breaks into your computer, just noses around, and makes no changes to your computer, it’s not easy to tell he’s been there. There’s no alert that says,