OS Detection can be seen a stimulus/response process: after sending test packets to a target host, we want to infer the OS type which most probably generated the host response. We can think of OS Fingerprints as the important characteristics of host responses to the stimuli that we used.
We presented an analysis, based on Neural Networks and statistical tools, of the tests used as stimulus to find out which are the most significatives respect to OS detection, and showed how these tests can be expanded and/or optimized.
We also presented two working OS detection modules: one which uses DCE-RPC endpoints to distinguish Windows versions, and another which uses Nmap signatures to distinguish Windows, Linux, Solaris and BSD systems. We explained the inner workings of the neural networks and the fine tuning of their parameters; and showed succesful results.
In this opportunity, we released the tools that we used during our research:
- the tool used to train the neural networks given a dataset
- the Monte Carlo dataset generator (based on the Nmap database)