Detect OS using IP address?
18 years 11 months ago #11677
by nske
Replied by nske on topic Re: Detect OS using IP address?
Yes, each OS sets a certain default TTL value in all the outgoing packets originating from its TCP/IP stack (unless configured otherwise). This varies among some OSes or OS versions, but not always. TTL is an 8-bit number (0-255), but practically only a few standard reasonable values are used as defaults (32, 64, 128 and 255), so in most cases TTL won't provide very specific information about the originating platform.
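The inference described in the post above, as an added example that is not part of the original thread: it reads the TTL byte from raw IPv4 headers, rounds it up to the nearest of the four defaults nske lists, and groups source addresses by that bucket. The 30-hop cap, the function names and the sample addresses are assumptions of this example.

```python
import struct
from typing import Optional

DEFAULT_TTLS = (32, 64, 128, 255)  # the defaults named in the post above
MAX_HOPS = 30  # assumption: longer paths are treated as implausible


def build_header(src: str, ttl: int) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0) used as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))


def parse_ipv4_ttl(packet: bytes) -> tuple:
    """Return (source address, TTL) from a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header")
    return ".".join(map(str, packet[12:16])), packet[8]


def infer_initial_ttl(observed: int) -> Optional[tuple]:
    """Return (initial TTL, hops travelled), or None when no default fits."""
    for default in DEFAULT_TTLS:
        if default >= observed:
            hops = default - observed
            # A very long path suggests the sender uses a non-default TTL.
            return (default, hops) if hops <= MAX_HOPS else None
    return None


def group_by_initial_ttl(packets) -> dict:
    """Map inferred initial TTL (None = non-default) to the sources seen."""
    groups = {}
    for pkt in packets:
        src, ttl = parse_ipv4_ttl(pkt)
        guess = infer_initial_ttl(ttl)
        groups.setdefault(guess[0] if guess else None, []).append(src)
    return groups


# Constructed sample traffic (documentation address ranges), not captured data.
SAMPLE = [build_header(s, t) for s, t in [
    ("198.51.100.10", 57), ("198.51.100.20", 52),
    ("203.0.113.5", 117), ("203.0.113.9", 243), ("203.0.113.77", 200)]]

if __name__ == "__main__":
    for initial, hosts in group_by_initial_ttl(SAMPLE).items():
        print(initial, hosts)
```

Two different hosts land in the 64 bucket and one matches no default at all, which is why the TTL alone narrows the platform only coarsely.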
18 years 11 months ago #11682
by DaLight
Replied by DaLight on topic Re: Detect OS using IP address?
This link provides default TTL values for different OSes.
18 years 11 months ago #11716
by apit
Replied by apit on topic Re: Detect OS using IP address?
Thanks DaLight... it helps me a lot.
Since everybody can scan our IP, is there a method to make it secure?
18 years 11 months ago #11719
by nske
Replied by nske on topic Re: Detect OS using IP address?
In any case, the primary focus should be to secure the systems instead of trying to evade the numerous OS fingerprinting techniques. By securing the systems I mean following common practices like:
- minimizing the installed software
- minimizing the running services
- minimizing the filesystem and any other access permissions
- keeping everything up-to-date
- defining access lists whenever possible for sensitive services that do not need to be accessible from everyone or everywhere
- setting a good password policy, i.e. use passwords of more than 12 characters that change frequently
- keeping detailed logs for every possible activity
- using encryption wherever possible
- implementing an Intrusion Detection System or Intrusion Prevention System (like Snort) that will notify you or take some action in case of unusual activity.
Depending on the number and kind of services your systems provide and the importance of data stored or exchanged, you may decide how many resources you want to spend on maximizing their safety. In general, if you follow the first 7 rules, each individual system should be decently secure against random script-kiddies. If you want to mention what services you intend to run and on which platforms, we may be able to suggest specific tips.
Unfortunately, attacks that take place from the inside of your network, i.e. by infecting Windows workstations, are just as dangerous and frequent today. So, especially if you have many workstations in your internal network, you must also emphasize their protection from less direct threats like viruses, worms and phishing email messages, that may allow someone on the outside to gain access to the internal network, bypassing any security measures that may be in place to protect from the outside. I've been studying a book these days, called "Extrusion Detection: Monitoring for Internal Intrusions", that made me reevaluate these kinds of threats!
18 years 11 months ago #11730
by DaLight
Replied by DaLight on topic Re: Detect OS using IP address?
You hit the nail on the head, nske! Protecting a system from external intrusion is relatively easy if you know what you're doing. The serious problem for network admins nowadays is securing your network from the enemy within. It can be done, but it requires more work.
17 years 9 months ago #19773
by wannafly172
"Buddha says, "Know your forms of linux: Mandrake, SUSE, Linspire, Xandros, Lycoris, MEPIS, Fedora Core, and Ubuntu""
It is my job to corrupt young people with the contagious, infectious idea of individual freedom
Replied by wannafly172 on topic Re: Detect OS using IP address?
LANSPY. The greatest when it comes to inside network scanning.