Will an nmap Operating System scan work through a firewall?
OS fingerprinting against a filtered device is certainly a challenge.
In most cases where a firewall or packet filter is in place, the OS
fingerprint won't be very accurate. This is because the OS
fingerprinting process needs to find at least one open port and one
closed port to make the resulting fingerprint worthwhile.
Nmap sends only eight frames to complete an OS scan. Four of the frames
are TCP frames to an open port, three are TCP frames to a closed port,
and one is a UDP frame to a closed port. The resulting operating system
determination is based on the responses of these eight tests. If we
only get to run four or five of the eight tests, the fingerprinting
obviously won't be as accurate. We need to determine which TCP ports
are open or closed prior to the OS scan, which is why nmap requires a
TCP-based scan to run along with the operating system tests.
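
To judge how far a firewall degrades a fingerprint, the following added example (not part of the original answer, and not nmap's own code) reads nmap grepable (-oG) output and counts how many of the eight probes described above have a usable target port. The sample scan lines are constructed, the function names are hypothetical, and the example assumes the UDP probe counts only when a closed UDP port appears in the scan results.

```python
import re

# Probe counts as stated in the text above: 4 TCP frames to an open port,
# 3 TCP frames to a closed port, 1 UDP frame to a closed port.
PROBES = {("tcp", "open"): 4, ("tcp", "closed"): 3, ("udp", "closed"): 1}

# Constructed sample of grepable (-oG) output; addresses are documentation ranges.
SAMPLE = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "113/closed/tcp//ident///, 161/closed/udp//snmp///\n"
    "Host: 192.0.2.20 ()\tPorts: 443/open/tcp//https///, 25/filtered/tcp//smtp///, "
    "53/open|filtered/udp//domain///\n"
    "Host: 192.0.2.30 ()\tPorts: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///\n"
)

def parse_grepable(text):
    """Return {host: set of (protocol, state)} from -oG 'Ports:' lines."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host:\s+(\S+).*?\bPorts:\s+(.*)", line)
        if not m:
            continue
        # Anything after the next tab (e.g. "Ignored State:") is not a port entry.
        host, ports = m.group(1), m.group(2).split("\t")[0]
        seen = hosts.setdefault(host, set())
        for entry in ports.split(","):
            fields = entry.strip().split("/")   # port/state/protocol/...
            if len(fields) >= 3:
                seen.add((fields[2], fields[1]))
    return hosts

def probe_coverage(states):
    """Return (usable probe count out of 8, list of missing port kinds)."""
    usable = sum(n for key, n in PROBES.items() if key in states)
    missing = sorted(f"{st} {proto}" for (proto, st) in PROBES
                     if (proto, st) not in states)
    return usable, missing

def report(text):
    return {h: probe_coverage(s) for h, s in parse_grepable(text).items()}

if __name__ == "__main__":
    for host, (usable, missing) in report(SAMPLE).items():
        note = "all port kinds found" if not missing else "missing: " + ", ".join(missing)
        print(f"{host}: {usable}/8 probes usable ({note})")
```

A host that reports only filtered ports scores 0/8, which is the case the answer warns about: any OS guess for it should be treated as unreliable.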