Title :
A new method for recognizing operating systems of automation devices
Author :
Medeiros, Joao Paulo S ; Brito, Agostinho M., Jr. ; Pires, Paulo S Motta
Author_Institution :
Dept. of Comput. Eng. & Autom. - DCA, Fed. Univ. of Rio Grande do Norte - UFRN, Rio Grande, Brazil
Abstract :
TCP/IP fingerprinting is the task of identify a machine operating system according to its TCP/IP protocol stack implementation. It can be used to help automation technology professionals to perform security tests against a device before put it into production. Current tools that perform TCP/IP fingerprinting can damage automation devices operation because of the specially crafted TCP/IP packets that are sent to the probed devices. Instead of these packets, this paper proposes a technique that uses a simple TCP SYN message to collect TCP ISN (initial sequence number) samples. Signal processing tools are used to classify the operating systems based on these samples. We conclude that it is possible to recognize operating systems using only one open TCP port on the target machine without compromise the device operation.
Keywords :
automation; operating systems (computers); security; signal processing; transport protocols; TCP SYN message; TCP/IP fingerprinting; automation devices; initial sequence number; operating systems; security tests; signal processing tools; Automatic testing; Automation; Fingerprint recognition; Operating systems; Performance evaluation; Production; Protocols; Security; Signal processing; TCPIP;
Conference_Titel :
Emerging Technologies & Factory Automation, 2009. ETFA 2009. IEEE Conference on
Conference_Location :
Mallorca
Print_ISBN :
978-1-4244-2727-7
Electronic_ISBN :
1946-0759
DOI :
10.1109/ETFA.2009.5347095
