Internet Security Systems

NMAP OS fingerprint

advICE : Intrusions : 2000314
Summary

An attacker sends an unusual combination of TCP options to see how the system responds. Usually, the attacker is trying to identify the victim's operating system.

Details

Knowing the operating system helps the attacker determine which weaknesses exist on that system, and provides valuable information to assist in further attacks. This particular set of options is sent by the NMAP program, which is especially popular with hackers.

More information

advICE: fingerprint
Article on TCP/IP fingerprinting
BugtraqID: 655 - Solaris Recursive mutex_enter Panic Vulnerability. Fingerprinting some Solaris machines can cause the entire system to crash in some conditions.
X-Force: 2053 - decod-nmap
CVE-1999-0454 - A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.

Parametric information

port: The TCP destination port.
flags: The TCP flags from the offending frame. The flags are: S (SYN), F (FIN), R (RESET), P (PUSH), A (ACK), U (URGENT), 4 (low-order unused bit), 8 (high-order unused bit).
options: The TCP options from the offending frame. The options are displayed as "option-value", separated by commas. No-ops are not displayed.
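
To help read these three parameters, the following added example (not ISS code) decodes a raw TCP header into the port, flags and options fields described above. The option names, the exact "option-value" rendering, and the mapping of "4" and "8" to bits 0x40 and 0x80 are assumptions; the sample header is constructed.

```python
import struct

# Flag letters as listed on this page. Mapping "4" -> 0x40 and "8" -> 0x80
# (the two bits then unused in the TCP flags byte) is an assumption.
FLAG_BITS = [(0x02, "S"), (0x01, "F"), (0x04, "R"), (0x08, "P"),
             (0x10, "A"), (0x20, "U"), (0x40, "4"), (0x80, "8")]
# Hypothetical display names; kind numbers are from RFC 793, 1323 and 2018.
OPTION_NAMES = {2: "mss", 3: "wscale", 4: "sackok", 8: "timestamp"}

def decode_options(raw):
    """Render TCP options as 'option-value' items joined by commas, skipping no-ops."""
    items, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end of option list
            items.append("eol")
            break
        if kind == 1:                      # no-op: not displayed
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            items.append("malformed")      # bad length byte: stop, do not overrun
            break
        value = raw[i + 2:i + raw[i + 1]]
        name = OPTION_NAMES.get(kind, "opt%d" % kind)
        items.append(name + "-" + str(int.from_bytes(value, "big")) if value else name)
        i += raw[i + 1]
    return ",".join(items)

def describe_tcp_header(header):
    """Return the port, flags and options parameters for one raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    _sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", header[:14])
    hdr_len = (off >> 4) * 4               # data offset is in 32-bit words
    if hdr_len < 20 or hdr_len > len(header):
        raise ValueError("bad data offset")
    letters = "".join(ch for bit, ch in FLAG_BITS if flags & bit)
    return {"port": dport, "flags": letters,
            "options": decode_options(header[20:hdr_len])}

# Constructed sample: SYN+FIN+PSH+URG to port 22 with wscale, nop, mss, timestamp, eol.
SAMPLE_OPTIONS = bytes([3, 3, 10, 1, 2, 4, 1, 9, 8, 10]) + bytes(8) + bytes([0, 0])
SAMPLE_HEADER = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 10 << 4, 0x2B,
                            1024, 0, 0) + SAMPLE_OPTIONS

if __name__ == "__main__":
    print(describe_tcp_header(SAMPLE_HEADER))
```

A flags string such as SFPU, which no normal connection produces, together with an uncommon option order is the kind of frame this signature reports.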

 
Version appeared: 1.9 
