Threat - Operating System Detected

From: Neil (Neil_at_discussions.microsoft.com)
Date: 09/07/05


Date: Tue, 6 Sep 2005 17:13:48 -0700

What could be the solution to clear this violation shown below?

THREAT:
Several different techniques can be used to identify the operating system
(OS) running on a host. A short description of these techniques is provided
below. The specific technique used to identify the OS on this host is
included in the RESULTS section of your report.
1) TCP/IP Fingerprint: The operating system of a host can be identified from
a remote system using TCP/IP fingerprinting. All underlying operating
system TCP/IP stacks have subtle differences that can be seen in their
responses to specially-crafted TCP packets. According to the results of this
"fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a
firewall or a packet filtering device between the scanner and the host, the
fingerprinting technique may fail. Consequently, the version of the OS may
not be detected correctly. If the host is behind a proxy-type firewall, the
version of the operating system detected may be that for the firewall
instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application
programming interface (API) that augments the DOS BIOS by adding
special functions for local-area networks (LANs). Almost all LANs for PCs
are based on the NetBIOS. Some LAN manufacturers have even extended
it, adding additional network capabilities. NetBIOS relies on a message
format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side,
HTML-embedded scripting language used to create dynamic Web
pages. Under some configurations it is possible to call PHP functions like
phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts,
routers, and the networks to which they attach. The SNMP service
maintains Management Information Base (MIB), a set of variables (database)
that can be fetched by Managers. These include
"MIB_II.system.sysDescr" for the operating system.
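
Added example, not part of the original post or of the scanner report it quotes: a Python check, narrowed to the two text-based channels named in items 3 and 4, that reports whether a phpinfo() page or an SNMP sysDescr value captured from a host you administer discloses the operating system. The sample captures, host name, function names and hardening hints are assumptions constructed for illustration.

```python
import re
from html import unescape

# Constructed sample captures, as if collected from a host you administer.
PHPINFO_PAGE = """<table>
<tr><td class="e">System </td><td class="v">Windows NT WEB01 5.0 build 2195 </td></tr>
<tr><td class="e">Server API </td><td class="v">CGI/FastCGI </td></tr>
</table>"""
SYSDESCR = ("Hardware: x86 Family 6 Model 8 Stepping 3 AT/AT COMPATIBLE - "
            "Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)")
HARDENED_SYSDESCR = "managed device"  # constructed: a description with no OS string

OS_NAME = re.compile(r"\b(Windows|Linux|FreeBSD|SunOS|Solaris|Darwin|HP-UX|AIX)\b", re.I)
VERSION = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")

def phpinfo_system_row(page):
    """Return the value of the 'System' row of phpinfo() output, or None."""
    m = re.search(r'<td class="e">\s*System\s*</td>\s*<td class="v">(.*?)</td>',
                  page, re.I | re.S)
    return unescape(m.group(1)).strip() if m else None

def os_disclosure(text):
    """Return (os_name, version) found in a banner string; either may be None."""
    if not text:
        return (None, None)
    name = OS_NAME.search(text)
    ver = VERSION.search(text)
    return (name.group(1) if name else None, ver.group(0) if ver else None)

def audit(phpinfo_page=None, sysdescr=None):
    """List which of the two channels disclose an OS name, with a hardening hint."""
    channels = [
        ("PHP Info", phpinfo_system_row(phpinfo_page or ""),
         "remove pages that call phpinfo() or list it in php.ini disable_functions"),
        ("SNMP sysDescr", sysdescr,
         "disable the SNMP service if unused, or restrict which managers may query it"),
    ]
    findings = []
    for channel, value, hint in channels:
        name, ver = os_disclosure(value)
        if name:  # only report channels that actually name an operating system
            findings.append({"channel": channel, "os": name, "version": ver, "hint": hint})
    return findings

if __name__ == "__main__":
    for finding in audit(PHPINFO_PAGE, SYSDESCR):
        print(finding)
```
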


