The passive fingerprinting tool by Michał Zalewski mentioned here recently, p0f v2, has already found a use. Mike Frantzen has merged it into the packet-filtering code in OpenBSD (PF) and into tcpdump.
From: Mike Frantzen
Subject: PF filter decisions based on source OS type
Date: 21 Aug 2003 12:53:44 -0700

Just committed a diff to -current that adds Michal Zalewski's p0f v2 style passive fingerprinting to PF. It allows PF to filter on the operating system of the source host by passively fingerprinting the SYN packets. Powerful policy enforcement is now possible:

  block proto tcp from any os Windows to any port smtp
  block proto tcp from any os SCO
  pass proto tcp from any os $UNIXES keep state queue high-bandwidth

  # Send older windows to a web page telling them to upgrade
  rdr on le0 proto tcp from any os "Windows 98" to any port 80 -> 127.0.0.1 port 8001

Passive fingerprinting has also been added to tcpdump via the -o parameter to print out the sender OS of TCP SYN packets.

There is a short writeup at http://www.w4g.org/fingerprinting.html

We need your help to populate the operating system database. Please go to http://lcamtuf.coredump.cx/p0f-help with as many machines with web browsers as possible and type in your OS name if it doesn't recognize the machine.

.mike
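The following pf.conf fragment is an added example of how the `os` keyword described above fits into a complete, default-deny rule set; it is not from the original post or from the OpenBSD project. The interface name le0, the macro $UNIXES and the local redirect target 127.0.0.1:8001 are placeholders taken over from the email, and the OS class names used must match entries in the fingerprint database (/etc/pf.os).

```conf
# Added example (not from the original post or OpenBSD); interface, macro
# and redirect target are assumed placeholders.
ext_if = "le0"
UNIXES = "{ Linux, FreeBSD, NetBSD, OpenBSD }"

# Translation rules are evaluated before filter rules: send clients that
# fingerprint as Windows 98 and ask for port 80 to a local "please upgrade" page.
rdr on $ext_if proto tcp from any os "Windows 98" to any port 80 -> 127.0.0.1 port 8001

# Default deny on the external interface, logged for review.
block in log on $ext_if all

# The "Windows" class matches every Windows fingerprint in pf.os;
# refuse SMTP from such hosts (worm and spam-bot mitigation).
block in log quick on $ext_if proto tcp from any os "Windows" to any port smtp

# Allow the Unix classes to reach ssh and the web server, stateful.
pass in on $ext_if proto tcp from any os $UNIXES to any port { ssh, www } keep state

# SYNs p0f cannot classify still get SMTP, but are logged so the
# fingerprint can later be submitted to the database.
pass in log on $ext_if proto tcp from any os unknown to any port smtp keep state
```

Check the syntax without loading the rules with `pfctl -nf /etc/pf.conf`, and list the fingerprint classes and names the running kernel knows with `pfctl -s osfp`. Keep in mind that the match is derived from the layout of the TCP SYN options, so it is a policy hint about the likely sender OS, not an identity check; the logged `unknown` hits are the useful signal for tuning both the rules and the database.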
Source: OSNews
Archived news item submitted by user: dwakwiaty.