A new method for recognizing operating systems of automation devices | IEEE Conference Publication | IEEE Xplore

A new method for recognizing operating systems of automation devices


Abstract:

TCP/IP fingerprinting is the task of identify a machine operating system according to its TCP/IP protocol stack implementation. It can be used to help automation technolo...Show More

Abstract:

TCP/IP fingerprinting is the task of identify a machine operating system according to its TCP/IP protocol stack implementation. It can be used to help automation technology professionals to perform security tests against a device before put it into production. Current tools that perform TCP/IP fingerprinting can damage automation devices operation because of the specially crafted TCP/IP packets that are sent to the probed devices. Instead of these packets, this paper proposes a technique that uses a simple TCP SYN message to collect TCP ISN (Initial Sequence Number) samples. Signal processing tools are used to classify the operating systems based on these samples. We conclude that it is possible to recognize operating systems using only one open TCP port on the target machine without compromise the device operation.
Date of Conference: 22-25 September 2009
Date Added to IEEE Xplore: 04 December 2009
ISBN Information:

ISSN Information:

Conference Location: Palma de Mallorca, Spain

References

References is not available for this document.