Date:      Thu, 16 Sep 2004 03:46:15 -0000
From:      "Max Laier" <max@love2party.net>
To:        <pf4freebsd@freelists.org>
Subject:   [pf4freebsd] Fw: PF filter decisions based on source OS type
Message-ID:  <015401c368d6$9c9ef8e0$01000001@max900>

for those curious about this feature: It's on the way! I'll just wait a bit
for Daniel et al to discover the more obvious problems and build a release
as soon as these are available via CVS. One minor problem in pfvar.h was already
fixed, as was a problem in pfctl. Give it 2 hours ...

pftcpdump will come with the fancy "-o" switch, it's working fine =)

For pfaltq-fbsd testers: Sync is on the way ... but give me a day or two on
that one ... CBA to do two syncs in a row.

Regards,
    Max

N.B.: This is not a security feature!!!

http://www.benzedrine.cx/pf/msg03089.html :
>>>>
From: "Mike Frantzen" <frantzen@w4g.org>
To: <pf@benzedrine.cx>
Sent: Thursday, August 21, 2003 9:18 PM

> Just committed a diff to -current that adds Michal Zalewski's
> p0f v2 style passive fingerprinting to PF.  It allows PF to filter on
> the operating system of the source host by passively fingerprinting
> the SYN packets.  Powerful policy enforcement is now possible:
>   block proto tcp from any os Windows to any port smtp
>   block proto tcp from any os SCO
>   pass proto tcp from any os $UNIXES keep state queue high-bandwidth
>
>   # Send older windows to a web page telling them to upgrade
>   rdr on le0 proto tcp from any os "Windows 98" to any port 80 \
>       -> 127.0.0.1 port 8001
>
> Passive fingerprinting has also been added to tcpdump via the -o
> parameter to print out the sender OS of TCP SYN packets.
>
> There is a short writeup at http://www.w4g.org/fingerprinting.html
>
> We need your help to populate the operating system database.  Please
> go to http://lcamtuf.coredump.cx/p0f-help with as many machines with
> web browsers as possible and type in your OS name if it doesn't
> recognize the machine.
>
> .mike
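As an added illustration (not code from PF, p0f, or either poster), here is the kind of match pf makes against a pf.os-style signature line: window, initial TTL, DF bit, packet size and TCP option layout of the SYN, in the window:ttl:df:size:options:class:version:subtype:description format that pf.os(5) uses. The three signatures and the SYN attributes below are constructed for the example, not copied from the real pf.os file, and the field names (Syn, forge_syn, os_name) are this example's own. The forge_syn helper is the point behind the N.B. above: every field the match looks at is chosen by the sender, so a host can present whatever OS the rule set favours.

```python
"""pf.os-style passive fingerprinting of TCP SYNs (added example, not PF code)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Syn:
    """Attributes pf extracts from a SYN (per pf.os(5)); values here are constructed."""
    window: int          # TCP window size
    ttl: int             # IP TTL as observed on the wire
    df: int              # IP don't-fragment bit
    size: int            # total IP packet length
    mss: int             # MSS option value, 0 if absent
    wscale: int          # window-scale option value, 0 if absent
    ts_value: int        # timestamp value, 0 if absent or zero
    options: List[str]   # option layout in order: "M", "N", "S", "W", "T"


@dataclass
class Signature:
    window: str
    ttl: int
    df: int
    size: str
    options: List[str]
    os_class: str
    version: str
    subtype: str
    description: str


# Constructed signatures in pf.os(5) line format; not the real pf.os entries.
SIGNATURES = """\
# window:ttl:df:size:options:class:version:subtype:description
S4:64:1:60:M*,S,T,N,W0:Linux:2.4::Linux 2.4 (constructed)
65535:128:1:48:M*,N,N,S:Windows:XP::Windows XP (constructed)
16384:64:1:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:3.x::OpenBSD 3.x (constructed)
"""

OPTION_LEN = {"M": 4, "N": 1, "S": 2, "W": 3, "T": 10}  # bytes per TCP option


def parse_signatures(text: str) -> List[Signature]:
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":", 8)
        if len(f) != 9:
            raise ValueError(f"bad signature line: {line}")
        sigs.append(Signature(f[0], int(f[1]), int(f[2]), f[3],
                              f[4].split(",") if f[4] else [],
                              f[5], f[6], f[7], f[8]))
    return sigs


def initial_ttl(ttl: int) -> int:
    """Round the observed TTL up to the next common initial value (32/64/128/255)."""
    for guess in (32, 64, 128):
        if ttl <= guess:
            return guess
    return 255


def window_matches(spec: str, syn: Syn) -> bool:
    """'*' any, '%n' multiple of n, 'Sn' n*MSS, 'Tn' n*MTU, else exact value."""
    if spec == "*":
        return True
    if spec.startswith("%"):
        n = int(spec[1:])
        return n > 0 and syn.window % n == 0
    if spec.startswith("S"):
        return syn.mss > 0 and syn.window == int(spec[1:]) * syn.mss
    if spec.startswith("T"):
        return syn.mss > 0 and syn.window == int(spec[1:]) * (syn.mss + 40)
    return syn.window == int(spec)


def options_match(spec: List[str], syn: Syn) -> bool:
    """Option layout must match in order; M/W may carry a value, T0 means zero timestamp."""
    if len(spec) != len(syn.options):
        return False
    for want, got in zip(spec, syn.options):
        kind, arg = want[0], want[1:]
        if kind != got:
            return False
        if kind == "M" and arg not in ("", "*") and int(arg) != syn.mss:
            return False
        if kind == "W" and arg not in ("", "*") and int(arg) != syn.wscale:
            return False
        if kind == "T" and arg == "0" and syn.ts_value != 0:
            return False
    return True


def fingerprint(syn: Syn, sigs: List[Signature]) -> Optional[Signature]:
    """Return the first signature the SYN satisfies, or None."""
    ttl = initial_ttl(syn.ttl)
    for s in sigs:
        if s.ttl != ttl or s.df != syn.df:
            continue
        if s.size != "*" and int(s.size) != syn.size:
            continue
        if window_matches(s.window, syn) and options_match(s.options, syn):
            return s
    return None


def os_name(syn: Syn, sigs: List[Signature]) -> str:
    s = fingerprint(syn, sigs)
    return s.description if s else "unknown"


def forge_syn(sig: Signature, mss: int = 1460) -> Syn:
    """Build SYN attributes that satisfy `sig`: the sender controls every matched field."""
    wscale, ts, layout = 0, 0, []
    for opt in sig.options:
        kind, arg = opt[0], opt[1:]
        layout.append(kind)
        if kind == "M" and arg not in ("", "*"):
            mss = int(arg)
        if kind == "W" and arg not in ("", "*"):
            wscale = int(arg)
        if kind == "T":
            ts = 0 if arg == "0" else 1
    if sig.window == "*":
        window = 65535
    elif sig.window.startswith("%"):
        window = int(sig.window[1:])
    elif sig.window.startswith("S"):
        window = int(sig.window[1:]) * mss
    elif sig.window.startswith("T"):
        window = int(sig.window[1:]) * (mss + 40)
    else:
        window = int(sig.window)
    size = int(sig.size) if sig.size != "*" else 40 + sum(OPTION_LEN[k] for k in layout)
    return Syn(window, sig.ttl, sig.df, size, mss, wscale, ts, layout)


SIGS = parse_signatures(SIGNATURES)

# Constructed SYN as a Linux 2.4 host would send it (TTL 52 after 12 hops).
LINUX_SYN = Syn(window=5840, ttl=52, df=1, size=60, mss=1460, wscale=0,
                ts_value=1234, options=["M", "S", "T", "N", "W"])

if __name__ == "__main__":
    print("genuine:", os_name(LINUX_SYN, SIGS))
    xp = next(s for s in SIGS if s.os_class == "Windows")
    print("forged to look like Windows:", os_name(forge_syn(xp), SIGS))
```

A rule such as "block proto tcp from any os Windows" therefore only turns away hosts that announce themselves as Windows; a sender that can set its own window, TTL, DF bit and option layout (any raw-socket tool, or a stack with tunable TCP parameters) chooses its class.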