Re: Threat - Operating System Detected
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 09/07/05
Date: Wed, 7 Sep 2005 08:35:58 -0700
Neil
If you are going to use such as Nessus out-of-the-box, then you should
be doing some reading about what all gets detected and assess each
relative to your environment and the roles of the machine triggering the
message. Some are things to be concerned about anywhere. Some
are just facts of life if that is what a machine is supposed to be doing.
--
ra

"Neil" <Neil@discussions.microsoft.com> wrote in message
news:6AAB2EDD-0415-4771-947C-E1A70DCE86DE@microsoft.com...
> What could be the solution to clear this violation shown below?
>
> THREAT:
> Several different techniques can be used to identify the operating system
> (OS) running on a host. A short description of these techniques is provided
> below. The specific technique used to identify the OS on this host is
> included in the RESULTS section of your report.
> 1) TCP/IP Fingerprint: The operating system of a host can be identified from
> a remote system using TCP/IP fingerprinting. All underlying operating
> system TCP/IP stacks have subtle differences that can be seen in their
> responses to specially-crafted TCP packets. According to the results of this
> "fingerprinting" technique, the OS version is among those listed below.
> Note that if one or more of these subtle differences are modified by a
> firewall or a packet filtering device between the scanner and the host, the
> fingerprinting technique may fail. Consequently, the version of the OS may
> not be detected correctly. If the host is behind a proxy-type firewall, the
> version of the operating system detected may be that for the firewall
> instead of for the host being scanned.
> 2) NetBIOS: Short for Network Basic Input Output System, an application
> programming interface (API) that augments the DOS BIOS by adding
> special functions for local-area networks (LANs). Almost all LANs for PCs
> are based on the NetBIOS. Some LAN manufacturers have even extended
> it, adding additional network capabilities. NetBIOS relies on a message
> format called Server Message Block (SMB).
> 3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side,
> HTML-embedded scripting language used to create dynamic Web
> pages. Under some configurations it is possible to call PHP functions like
> phpinfo() and obtain operating system information.
> 4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts,
> routers, and the networks to which they attach. The SNMP service
> maintains Management Information Base (MIB), a set of variables (database)
> that can be fetched by Managers. These include
> "MIB_II.system.sysDescr" for the operating system.