System and method for network vulnerability detection and reporting
Abstract
A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.
20 Claims
1. A system for determining an operating system of a target computer operably connected to a network, the system comprising:
- first and second data packets, said first and second data packets compliant with a protocol supported by said network, said first and second data packets transmitted via said network to said target computer;
- first and second operating system fingerprints comprising data bits stored in a computer-readable medium, said first and second operating system fingerprints associated with a first operating system;
- a first target computer fingerprint comprising data bits stored in a computer-readable medium, said first target computer fingerprint including a representation of at least a portion of data received in response to said transmission of said first data packet;
- a second target computer fingerprint comprising data bits stored in a computer-readable medium, said second target computer fingerprint including a representation of at least a portion of data received in response to said transmission of said second data packet; and
- fingerprint comparison instructions embodied in a computer readable storage medium, said instructions executable by a computer to compare said first operating system fingerprint and said first target computer fingerprint, to compare said second operating system fingerprint and said second target computer fingerprint, and to generate a result indicative of whether said first operating system was running on said target computer;
wherein the first and second data packets each include TCP packets.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 18, 19, 20.
13. A method for identifying an operating system of a target computer via a network, the method comprising the steps of:
- sending a first data packet to said target computer via said network, said first data packet complying with a protocol of said network and having a first pattern of bits in a first range of bits;
- generating a first response value representing at least a portion of data received via said network in response to said sending of said first data packet;
- sending a second data packet to said target computer via said network, said second data packet complying with said protocol and having a second pattern of bits in a first range of bits, said second pattern of bits different from said first pattern;
- generating a second response value representing at least a portion of data received via said network in response to said sending of said second data packet;
- sending a third data packet to said target computer via said network, said third data packet complying with said protocol and having a third pattern of bits in a first range of bits, said third pattern of bits different from said first or said second pattern;
- generating a third response value representing at least a portion of data received via said network in response to said sending of said third data packet;
- comparing said first response value to a first predetermined value associated with a first operating system;
- comparing said second response value to a second predetermined value associated with said first operating system;
- comparing said third response value to a third predetermined value associated with said first operating system; and
- generating a value indicative of a relationship between said first operating system and said target computer;
wherein the first, second, and third data packets each include TCP packets.
Dependent claims: 14, 15, 16, 17.
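The comparison step that claims 1 and 13 describe (per-probe response values checked against predetermined values for an operating system, then a single relationship value) as an added illustration; this is not code from the patent, the fingerprints, probe names and field layout are constructed for the example, and no packets are sent:

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Each probe is named by the TCP flag pattern it carries (the claim's "pattern of
# bits in a first range of bits"); three probes, as in claim 13. Hypothetical.
PROBES = ("SYN", "FIN", "SYN|FIN|URG|PSH")
MAX_HOPS = 30  # a reply's TTL is the sender's initial TTL minus the hops traversed

@dataclass(frozen=True)
class ResponseValue:
    """Portion of a reply retained for comparison (the claim's 'response value')."""
    flags: str    # TCP flags in the reply, or "NONE" when the probe drew no reply
    ttl: int      # IP TTL of the reply (initial TTL when stored in a fingerprint)
    window: int   # TCP window size announced in the reply
    df: bool      # IP don't-fragment bit set in the reply

NO_REPLY = ResponseValue("NONE", 0, 0, False)

# Constructed "predetermined values" for two hypothetical operating systems;
# these are NOT real signatures of any product.
OS_FINGERPRINTS: Dict[str, Dict[str, ResponseValue]] = {
    "OS-A": {
        "SYN": ResponseValue("SYN|ACK", 64, 5840, True),
        "FIN": NO_REPLY,
        "SYN|FIN|URG|PSH": ResponseValue("SYN|ACK", 64, 5840, True),
    },
    "OS-B": {
        "SYN": ResponseValue("SYN|ACK", 128, 65535, True),
        "FIN": ResponseValue("RST|ACK", 128, 0, True),
        "SYN|FIN|URG|PSH": ResponseValue("SYN|ACK", 128, 65535, True),
    },
}

def response_matches(observed: ResponseValue, predetermined: ResponseValue) -> bool:
    """Compare one observed response value with one predetermined value."""
    if observed.flags == "NONE" or predetermined.flags == "NONE":
        return observed.flags == predetermined.flags
    ttl_ok = 0 <= predetermined.ttl - observed.ttl <= MAX_HOPS  # tolerate path length
    return (observed.flags == predetermined.flags and ttl_ok
            and observed.window == predetermined.window and observed.df == predetermined.df)

def relationship(observed: Dict[str, ResponseValue], os_name: str) -> float:
    """Claim 13's relationship value: fraction of probes whose reply matched the OS."""
    fp = OS_FINGERPRINTS[os_name]
    hits = sum(response_matches(observed.get(p, NO_REPLY), fp[p]) for p in PROBES)
    return hits / len(PROBES)

def identify(observed: Dict[str, ResponseValue], threshold: float = 1.0) -> Optional[Tuple[str, float]]:
    """Best-scoring OS, or None when nothing reaches the threshold or the top two tie."""
    scored = sorted(((relationship(observed, n), n) for n in OS_FINGERPRINTS), reverse=True)
    best, runner = scored[0], scored[1]
    if best[0] < threshold or best[0] == runner[0]:
        return None
    return best[1], best[0]
```

Returning None on a tie or a sub-threshold score is what keeps a scanner's report honest: an inventory that records "unknown" is more useful to a defender than a guessed OS.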