[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Recognizing the Type of a Remote OS
On Sun, 10 May 1998, Eli Marmor wrote:
> I was told that:
>
> > You can identify the server type by looking at the TCP traffic (e.g.
> > whether it does a proper three-way close, or just sends an RST).
>
> Does anybody know what it means? Can this method be used to know
> if a specific host runs NT or UNIX or even which UNIX exactly?
This depends on the degree of brokenness <G> of the respective TCP/IP
stack. This varies with the OS release and the 'service pack' installed.
The people who know this best are TCP/IP stack programmers who have to
make their (new) stacks talk to broken implementations that have been
around. This in turn induces bugs, that make the new implementation
recognizable under certain circumstances.
I keep seeing messages about this in the Compuserve UNIXFORUM where some
gurus and ppl. who have been around UNIX for many years hang out.
imho the best place to ask for this is in the *.unix usenet group, plus a
little searching in the archives of ditto group.
The bonk and other bluescreen exploits are based on such quirks (although
not always attacking the TCP/IP layer of the stack).
Peter