1 Reply Latest reply: Nov 4, 2011 9:23 AM by qualyschris

Qualys detecting incorrect Operating system on Map

Renesh Sanjith

Hi,

I'm running a Map on one of the netblocks in my environment. I know that the machines in the netblock are Windows XP machines but the QualysGuard Map report indicates that they are Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP for the OS.

I'm using Windows Authentication when running the Map. Does anybody know why Qualys would detect the host OS incorrectly?

  • Qualys detecting incorrect Operating system on Map
    qualyschris

    Hi Renesh,

    To clarify, there is no option to enable authentication in the mapping section of your option profile. This is because mapping is strictly a mechanism by which to identify potential scan targets for vulnerability assessment.

    What's likely happening with regard to the misidentification is that there's a Linux device (firewall, router, etc.) in front of the target that's actually responding on behalf of the target. One test that you might try is pinging the target from a host on the same subnet as the QualysGuard appliance. My guess is that the TTL returned will likely be around 64 or 255 -- default TTL values for Linux stacks -- vs. the expected 128 for Windows stacks.

    Hope this helps,

    :Chris
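
The TTL check suggested in the reply above, as an added example that is not part of the original thread: it parses saved ping output, maps each observed TTL to the default initial TTL named in the reply (64 or 255 for Linux stacks, 128 for Windows stacks) and reports whether the responder matches the expected OS family. The function names, the sample ping output and the "smallest default at or above the observed TTL" rule are assumptions of this example.

```python
import re

# Default initial TTLs as stated in the reply: 64 or 255 for Linux stacks,
# 128 for Windows stacks.
DEFAULTS = {64: "linux", 128: "windows", 255: "linux"}
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)  # Windows "TTL=" / Linux "ttl="

def classify(ttl):
    """Return (assumed initial TTL, routed hops, stack family).

    Assumption: the responder started from the smallest default that is
    >= the observed TTL, since each routed hop decrements the value by one.
    """
    for initial in sorted(DEFAULTS):
        if ttl <= initial:
            return initial, initial - ttl, DEFAULTS[initial]
    raise ValueError(f"TTL {ttl} is outside the 8-bit range")

def check_target(ping_output, expected="windows"):
    """Compare the stack family seen in ping replies with the expected one."""
    ttls = [int(t) for t in TTL_RE.findall(ping_output)]
    if not ttls:
        return {"verdict": "no-reply", "details": []}
    details = [classify(t) for t in ttls]
    families = {family for _, _, family in details}
    if families == {expected}:
        verdict = "consistent"
    elif expected in families:
        verdict = "mixed"      # more than one kind of responder answered
    else:
        verdict = "mismatch"   # something other than the target is replying
    return {"verdict": verdict, "details": details}

# Constructed sample: Windows-format ping run from the scanner's own subnet,
# where an intermediate device answers on behalf of the XP host.
SAMPLE_PROXIED = """Reply from 192.0.2.15: bytes=32 time<1ms TTL=64
Reply from 192.0.2.15: bytes=32 time<1ms TTL=64"""

# Constructed sample: Linux-format ping, XP host reached through one router.
SAMPLE_DIRECT = "64 bytes from 192.0.2.15: icmp_seq=1 ttl=127 time=0.4 ms"

if __name__ == "__main__":
    for name, sample in (("proxied", SAMPLE_PROXIED), ("direct", SAMPLE_DIRECT)):
        print(name, check_target(sample))
```

A "mismatch" from the scanner's subnet is the signal the reply describes: the map is fingerprinting the device in front of the target rather than the Windows host itself.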