
The PVS can identify the likely operating system of a host by looking at the packets it generates. Specific
combinations of TCP packet fields, such as the window size and initial time-to-live (TTL) value, allow the PVS to predict
the operating system generating the traffic.
These distinctive TCP values are present when a server makes or responds to a TCP request. All TCP traffic is initiated with
a “SYN” packet. If the server accepts the connection, it sends a response known as a “SYN-ACK” packet. If the
server cannot or will not communicate, it sends a reset (RST) packet. When a server sends a “SYN” packet, the PVS
applies its list of operating system fingerprints and attempts to determine the type of operating system.
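The matching described above can be sketched as follows. This is an added example, not PVS or SinFP code: the signature table, the function names and the sample packets are constructed for illustration, and real fingerprint databases match on more fields than TTL and window size.

```python
import struct

# Constructed, illustrative signatures (not the SinFP/PVS database):
# (inferred initial TTL, TCP window size) -> operating system guess.
SIGNATURES = {
    (64, 29200): "Linux-like",
    (128, 8192): "Windows-like",
    (64, 65535): "BSD/macOS-like",
}

def initial_ttl(observed):
    """Each router hop decrements TTL by one, so round the observed
    value up to the nearest common initial TTL."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    raise ValueError("TTL out of range")

def fingerprint_syn(packet):
    """Return (initial_ttl, window, guess) for a raw IPv4 SYN, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None                      # not TCP, or truncated
    ttl = packet[8]
    flags = packet[ihl + 13]
    if flags & 0x12 != 0x02:             # require SYN set and ACK clear
        return None
    (window,) = struct.unpack_from("!H", packet, ihl + 14)
    key = (initial_ttl(ttl), window)
    return key[0], key[1], SIGNATURES.get(key, "unknown")

def build_syn(ttl, window, flags=0x02):
    """Constructed sample packet: minimal IPv4 + TCP headers, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, flags, window, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for ttl, win in ((57, 29200), (121, 8192), (250, 1234)):
        print(ttl, win, fingerprint_syn(build_syn(ttl, win)))
```

A SYN seen with TTL 57 is treated as having started at 64, which is why the observed TTL alone is not compared against the table.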
Tenable Network Security has received permission to re-distribute the passive operating system fingerprints from the author of
the SinFP open source project, which is available at:
http://www.gomor.org/sinfp
For Further Information
Tenable regularly updates PVS’s plugins and these can be viewed online at:
http://static.tenable.com/dev/tenable_plugins.pdf
An RSS feed of the latest plugins is available here:
http://www.tenable.com/pvs.xml
A document describing Tenable Product Plugin Families is available on the Tenable website:
http://static.tenable.com/documentation/Tenable_Products_Plugin_Families.pdf
Tenable Network Security, Inc. may be contacted via email for PVS support at sales@tenable.com or support@tenable.com.