Date: Sat, 10 Dec 2005 01:36:11 +0100
From: Angelo Laub <al@rechenknecht.net>
To: freebsd-pf@freebsd.org
Subject: Passive OS Fingerprinting broken?
Message-ID: <3F36E476-34E6-4FF8-95B5-638B94E6475D@rechenknecht.net>
Hi,
I can't get Passive OS Fingerprinting to work on FreeBSD 6.0.
I've used PF's passive os fingerprinting under OpenBSD before without
any problems, so I was wondering if there is something special to do
on FreeBSD.
I have inserted a line 'block in quick proto tcp from any os
"Windows" to any port smtp' but it does not work. I can still connect
from Windows hosts. I've tried the same with Linux, no help here.
When I instead block specific IPs, it works as expected.
This is my pf.conf:
#### BEGIN PF.CONF ####
# Macros: define common values, so they can be referenced and changed easily.
ext_if="em0" # replace with actual external interface name i.e., dc0
ServicesTCP="{ ssh, www, 443, domain, smtp, pop3, imap, 993, 995, 5000, svn }"
ServicesUDP="{ domain, 1194, smtp }"
internal_net="80.237.242.112/29"
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all no-df
block in quick proto tcp from any os "Windows" to any port smtp
block in log all
pass quick on lo0
pass quick on tap0
pass out on $ext_if all keep state
pass in on $ext_if from $internal_net to $ext_if keep state
# make it harder for nmap to scan us
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA
# accept ping
pass in quick on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in on $ext_if proto tcp from any to $ext_if port $ServicesTCP flags S/SA keep state
pass in on $ext_if proto udp from any to $ext_if port $ServicesUDP keep state
#### END PF.CONF ####
Am I doing something wrong?
Thanks,
Angelo
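A check worth running before assuming the os rule is broken, added here as an example and not part of the original post: it reads the verbose rule listing from `pfctl -vsr` (a constructed sample is embedded so it runs offline; on the pf host pipe the real output in) and prints the Evaluations/Packets counters of every rule that uses `os`. A rule that is evaluated but never matches a packet points at the fingerprint side (`pfctl -s osfp` lists what was loaded from /etc/pf.os, and os matching only sees the TCP SYN that opens a connection), not at rule order.

```shell
#!/bin/sh
# Added example, not from the original post. Summarises pf rule counters for
# rules that use passive OS fingerprinting, from `pfctl -vsr` output.
#   Evaluations > 0, Packets == 0 : rule is consulted but the os never matches
#   Evaluations == 0              : an earlier quick rule is winning
# Usage on the pf host:   pfctl -vsr | check_os_rules

check_os_rules() {
    # Reads pfctl -vsr text on stdin. Prints "<evaluations> <packets> <rule>"
    # for each rule containing os "...". Exit 0 if any os rule matched
    # packets, 1 otherwise.
    awk '
        /^[a-z]/ { rule = $0; uses_os = ($0 ~ / os "/); next }
        uses_os && /Evaluations:/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "Evaluations:") ev = $(i + 1)
                if ($i == "Packets:")     pk = $(i + 1)
            }
            print ev, pk, rule
            if (pk + 0 > 0) matched = 1
            uses_os = 0
        }
        END { exit(matched ? 0 : 1) }
    '
}

# Constructed sample of `pfctl -vsr` output (counters invented for the demo);
# the layout follows what pfctl prints: the rule, then its counter line.
SAMPLE_PFCTL_VSR='block drop in quick proto tcp from any os "Windows" to any port = smtp
  [ Evaluations: 812       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 570 ]
block drop in log all
  [ Evaluations: 812       Packets: 57        Bytes: 3420        States: 0     ]
  [ Inserted: uid 0 pid 570 ]
pass in on em0 proto tcp from any to em0 port = smtp flags S/SA keep state
  [ Evaluations: 300       Packets: 1204      Bytes: 912345      States: 11    ]
  [ Inserted: uid 0 pid 570 ]'

printf '%s\n' "$SAMPLE_PFCTL_VSR" | check_os_rules ||
    echo "no os rule has matched any packet: compare pfctl -s osfp with the os names used"
```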