A new method for recognizing operating systems of automation devices

Author

Medeiros, Joao Paulo S ; Brito, Agostinho M., Jr. ; Pires, Paulo S Motta

Author_Institution

Dept. of Comput. Eng. & Autom. - DCA, Fed. Univ. of Rio Grande do Norte - UFRN, Rio Grande, Brazil

fYear

2009

fDate

22-25 Sept. 2009

Firstpage

1

Lastpage

4

Abstract

TCP/IP fingerprinting is the task of identify a machine operating system according to its TCP/IP protocol stack implementation. It can be used to help automation technology professionals to perform security tests against a device before put it into production. Current tools that perform TCP/IP fingerprinting can damage automation devices operation because of the specially crafted TCP/IP packets that are sent to the probed devices. Instead of these packets, this paper proposes a technique that uses a simple TCP SYN message to collect TCP ISN (initial sequence number) samples. Signal processing tools are used to classify the operating systems based on these samples. We conclude that it is possible to recognize operating systems using only one open TCP port on the target machine without compromise the device operation.

Keywords

automation; operating systems (computers); security; signal processing; transport protocols; TCP SYN message; TCP/IP fingerprinting; automation devices; initial sequence number; operating systems; security tests; signal processing tools; Automatic testing; Automation; Fingerprint recognition; Operating systems; Performance evaluation; Production; Protocols; Security; Signal processing; TCPIP;

fLanguage

English

Publisher

ieee

Conference_Titel

Emerging Technologies & Factory Automation, 2009. ETFA 2009. IEEE Conference on

Conference_Location

Mallorca

ISSN

1946-0759

Print_ISBN

978-1-4244-2727-7

Electronic_ISBN

1946-0759

Type

conf

DOI

10.1109/ETFA.2009.5347095

Filename

5347095