1 Reply Latest reply on Nov 4, 2011 9:23 AM by qualyschris

    Qualys detecting incorrect Operating system on Map

    Renesh Sanjith Level 1

      Hi,

       

      I'm running a Map on one of the netblocks in my environment. I know that the machines in the netblock are Windows XP machines but the QualysGuard Map report indicates that they are Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP for the OS.

       

      I'm using Windows Authentication when running the Map. Does anybody know why Qualys would detect the host OS incorrectly?

        • Qualys detecting incorrect Operating system on Map
          qualyschris Level 3

          Hi Renesh,

           

          To clarify, there is no option to enable authentication in the mapping section of your option profile. This is because mapping is strictly a mechinism by which to identify potential scan targets for vulnerability assessment.

           

          What's likely happening with regard to the misidentification, is that there's a Linux device (firewall, router, etc) in front of the target that's actually responding on behalf of the target.  One test that you might try is pinging the target from a host on the same subnet as the QualysGuard appliance.  My guess is that the TTL returned will likely be around 64 or 255 -- default TTL values for Linux stacks -- vs the expected 128 for Windows stacks.

           

          Hope this helps,

          :Chris