I read the don's post about the TCP forensic challenge, and I couldn't help noticing that, presumably, the attacker tried a port scan to find out the OS of the system.

What is interesting is how a simple port scan can tell the OS (and, if possible, its build), as all the services and ports are usually dependent upon the applications and not exactly on the server, and OSes normally do not run services unique to them. E.g. an FTP daemon running on every OS will have the same port (by default)...

Could you please explain how an attacker can find out the type of OS by using pscan etc., and how deep the info could be (e.g. is it possible to find out the kernel version, build, etc.)?

The answer ought to be interesting.