Skip navigation
2418 Views 1 Reply Latest reply: Nov 4, 2011 9:23 AM by qualyschris RSS
Renesh Sanjith Level 1 5 posts since
Oct 10, 2011
Currently Being Moderated

Nov 3, 2011 12:48 AM

Qualys detecting incorrect Operating system on Map

Hi,

 

I'm running a Map on one of the netblocks in my environment. I know that the machines in the netblock are Windows XP machines but the QualysGuard Map report indicates that they are Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP for the OS.

 

I'm using Windows Authentication when running the Map. Does anybody know why Qualys would detect the host OS incorrectly?

  • Hi Renesh,

     

    To clarify, there is no option to enable authentication in the mapping section of your option profile. This is because mapping is strictly a mechinism by which to identify potential scan targets for vulnerability assessment.

     

    What's likely happening with regard to the misidentification, is that there's a Linux device (firewall, router, etc) in front of the target that's actually responding on behalf of the target.  One test that you might try is pinging the target from a host on the same subnet as the QualysGuard appliance.  My guess is that the TTL returned will likely be around 64 or 255 -- default TTL values for Linux stacks -- vs the expected 128 for Windows stacks.

     

    Hope this helps,

    :Chris

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 6 points