[TechTarget China original] Layer 4 of the OSI model is the transport layer, which sits in the middle of the OSI model. This chapter describes fingerprinting and its relationship to the transport layer. Fingerprinting works at the operating system (OS) level: it is a matter of identification. For example, is the client running Mac OS 10, BSD, or Windows 2003 Server? To better understand how fingerprinting works, we first need to review some basic concepts of the transport layer.
Two main protocols are associated with the transport layer. The first is the User Datagram Protocol (UDP), a connectionless protocol. UDP provides no reliability mechanism; it is designed for speed. The other is the Transmission Control Protocol (TCP), which is connection-oriented and designed for reliability. TCP achieves reliability through flow control, checksums for error detection, sequence and acknowledgment numbers, window sizes, and startup and shutdown procedures.
TCP also uses a set of control bits, or flags, to control the flow of data. Some common flags are listed below:
URG: Urgent. Indicates urgent data.
ACK: Acknowledgment. Acknowledges the sequence value. Acknowledgment sequence numbers are important and must pass the receiver's check.
RST: Reset. RST can be used to terminate a problematic connection.
SYN: Synchronize. SYN is used to start a session.
FIN: Finish. FIN is used to signal an orderly teardown when the session ends.
TCP and UDP both act as middlemen during connection creation. The transport layer is responsible for the connection between hosts. To think about connections, imagine a phone call. When you hear the person on the other end answer, you learn a lot: whether he or she is young or old, whether it is a man or a woman. Fingerprinting works much the same way when a hacker attempts to identify an attack target. The target must be identified before the attack is launched. Fingerprinting can be active or passive.
Passive Fingerprinting
Passive fingerprinting is difficult to detect. It does not inject traffic into the network; it behaves more like a packet sniffer. A passive fingerprinting tool inspects packets and looks at the default values in the IP, ICMP, and TCP headers to determine the operating system of the host that sent them. Although passive fingerprinting may not be accurate, it is very stealthy. Tools such as Siphon, Ettercap, and p0f are based on the passive approach. If you want to read
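The following added example (not part of the original article, and not code from any of the tools named above) shows how much a single captured SYN reveals from its header defaults alone, which is why a defender can use the same technique for passive asset inventory. The signature table, function names, and sample packets are assumptions constructed for illustration; real tools use much larger signature databases.

```python
import struct

# Illustrative signatures only (assumed values for this example, not an
# authoritative database): (initial TTL, TCP window, DF bit) -> OS family.
SIGNATURES = {
    (64, 5840, True): "Linux 2.4/2.6",
    (128, 65535, True): "Windows XP/2003",
    (64, 65535, True): "FreeBSD",
}
FLAG_BITS = ((0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
             (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN"))

def initial_ttl(observed):
    """Round an observed TTL up to the nearest common starting value."""
    return next(s for s in (32, 64, 128, 255) if observed <= s)

def parse_headers(packet):
    """Pull the fingerprint-relevant fields out of a raw IPv4 + TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    frag, ttl, proto = struct.unpack("!HBB", packet[6:10])
    if proto != 6 or len(packet) < ihl + 20:
        raise ValueError("not TCP, or TCP header truncated")
    off_flags, window = struct.unpack("!HH", packet[ihl + 12:ihl + 16])
    flags = [name for bit, name in FLAG_BITS if off_flags & bit]
    return {"ttl": ttl, "df": bool(frag & 0x4000), "window": window, "flags": flags}

def guess_os(packet):
    """Classify the sender of a bare SYN; other packets are not matched."""
    f = parse_headers(packet)
    if f["flags"] != ["SYN"]:
        return "skipped (not a bare SYN)"
    return SIGNATURES.get((initial_ttl(f["ttl"]), f["window"], f["df"]), "unknown")

def build_sample(ttl, window, df=True, flags=0x02):
    """Constructed sample packet: 20-byte IPv4 + 20-byte TCP, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (5 << 12) | flags, window, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for ttl, win in ((57, 5840), (120, 65535), (250, 4128)):
        print(ttl, win, "->", guess_os(build_sample(ttl, win)))
```

The observed TTL is rounded up because each router hop decrements it, so a packet seen with TTL 57 most likely started at 64.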