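Source: http://www.cnsea.org/forum/viewtopic.php?t=787
Active OS fingerprinting tools, such as NMAP, send TCP packets to the target host, analyze the characteristics of the packets the target returns, and then compare them against their own OS fingerprint database.
Passive OS fingerprinting can determine which operating system the target host is running without sending any packets to it at all. That sounds rather magical, but the principle is quite simple.
Take a look at the following passive OS fingerprinting tool: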
> From: Michal Zalewski <lcamtuf@coredump.cx>
> Date: July 10, 2004 1:45:33 PM PDT
> To: bugtraq@securityfocus.com
> Subject: [tool] p0f 2.0.4 is out
>
> I am proud to announce the availability of p0f 2.0.4, a passive OS
> fingerprinter (and more). Since 2.0.1 (announced here over a year
> ago), p0f has gained features such as:
>
> - RST+ACK (connection refused) fingerprinting,
> - Official SYN+ACK (outgoing connection) fingerprinting support,
> - Sophisticated masquerade / IP sharing detection algorithms,
> - TCP/IP stack bug dissector and fingerprinting support,
> - External query API for easier service integration,
> - Rudimentary fuzzy matching,
> - Cool supplementary utilities and ports,
> - Numerous bugfixes and functionality enhancements,
> - Plenty of new signatures.
>
> P0f is extremely useful in various security-related applications,
> including but not limited to traffic analysis, IDS, forensics, policy
> enforcement, pen-testing, low-profile network reconnaissance.
>
> More information, links to related or derived projects, and last but not
> least, source downloads, can be all found at:
>
> => http://lcamtuf.coredump.cx/p0f.shtml <=
>
> If you wish to stay up-to-date, you are welcome to subscribe to p0f
> project at http://www.freshmeat.net/projects/p0f/.
>
> Cheers,
> --
> ------------------------- bash$ :(){ :|:&};: --
> Michal Zalewski * [http://lcamtuf.coredump.cx]
> Did you know that clones never use mirrors?
> --------------------------- 2004-07-10 22:26 --
>
> http://lcamtuf.coredump.cx/photo/current/
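
The principle described before the announcement, as an added example that is not part of the original post and not p0f's code: a passive fingerprinter only reads fields that the sender's TCP/IP stack put into a captured SYN (TTL, DF bit, window size, MSS, option order) and compares them with known values. The signature table, the sample packet and all function names here are constructed for illustration.

```python
import struct

# Constructed table (NOT p0f's database): (initial TTL, DF bit, option order) -> guess
SIGNATURES = {
    (64, True, "M,S,T,N,W"): "Linux-like stack",
    (128, True, "M,N,N,S"): "Windows-like stack",
}
OPT_NAMES = {2: "M", 3: "W", 4: "S", 8: "T"}  # MSS, wscale, SACK-permitted, timestamp

# Constructed sample: IPv4 + TCP SYN as a sniffer would see it (TTL 58 on arrival).
SAMPLE_SYN = bytes.fromhex(
    "4500003c 1c464000 3a060000 0a000005 0a000001"  # IPv4 header, DF set
    "c3500050 00000001 00000000 a00216d0 00000000"  # TCP header, SYN, window 5840
    "020405b4 0402 080a 00000001 00000000 01 030300"  # MSS, SACK, TS, NOP, wscale
)

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value."""
    return next(v for v in (32, 64, 128, 255) if ttl <= v)

def fingerprint(packet):
    """Extract passive-fingerprint fields from a raw IPv4 packet carrying a TCP SYN."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl + 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    total_len, _, frag, ttl = struct.unpack("!HHHB", packet[2:9])
    tcp = packet[ihl:]
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    hdr_len = (off_flags >> 12) * 4
    if (off_flags & 0x12) != 0x02 or not 20 <= hdr_len <= len(tcp):
        raise ValueError("not a well-formed TCP SYN")
    opts, order, mss, i = tcp[20:hdr_len], [], None, 0
    while i < len(opts) and opts[i] != 0:  # kind 0 ends the option list
        kind, length = opts[i], 1
        if kind != 1:  # every option except NOP carries a length byte
            length = opts[i + 1] if i + 1 < len(opts) else 0
            if length < 2 or i + length > len(opts):
                raise ValueError("malformed TCP option")
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        order.append("N" if kind == 1 else OPT_NAMES.get(kind, "?"))
        i += length
    return {"ttl": initial_ttl(ttl), "df": bool(frag & 0x4000), "window": window,
            "mss": mss, "size": total_len, "options": ",".join(order)}

def guess_os(packet):
    fp = fingerprint(packet)
    return SIGNATURES.get((fp["ttl"], fp["df"], fp["options"]), "unknown"), fp
```

Because the observed TTL has already been decremented by each router on the path, the example rounds it up to a common initial value before matching.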