[pf4freebsd] Fw: PF filter decisions based on source OS type
Max Laier
max at love2party.net
Wed Sep 15 20:46:15 PDT 2004
for those curious about this feature: It's on the way! I'll just wait a bit
for Daniel et al to discover the more obvious problems and build a release
as soon as these are available via CVS. One minor in pfvar.h was already
fixed as well as a problem in pfctl. Give it 2 hours ...
pftcpdump will come with the fancy "-o" switch, it's working fine =)
For pfaltq-fbsd testers: Sync is on the way ... but give me a day or two on
that one ... CBA to do two syncs in a row.
Regards,
Max
N.B.: This is not a security feature!!!
http://www.benzedrine.cx/pf/msg03089.html :
>>>>
From: "Mike Frantzen" <frantzen at w4g.org>
To: <pf at benzedrine.cx>
Sent: Thursday, August 21, 2003 9:18 PM
> Just committed a diff to -current that adds Michal Zalewski's
> p0f v2 style passive fingerprinting to PF. It allows PF to filter on
> the operating system of the source host by passively fingerprinting
> the SYN packets. Powerful policy enforcement is now possible:
> block proto tcp from any os Windows to any port smtp
> block proto tcp from any os SCO
> pass proto tcp from any os $UNIXES keep state queue high-bandwidth
>
> # Send older windows to a web page telling them to upgrade
> rdr on le0 proto tcp from any os "Windows 98" to any port 80 \
> -> 127.0.0.1 port 8001
>
> Passive fingerprinting has also been added to tcpdump via the -o
> parameter to print out the sender OS of TCP SYN packets.
>
> There is a short writeup at http://www.w4g.org/fingerprinting.html
>
> We need your help to populate the operating system database. Please
> go to http://lcamtuf.coredump.cx/p0f-help with as many machines with
> web browsers as possible and type in your OS name if it doesn't
> recognize the machine.
>
> .mike
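As an added illustration (not code from the original posts, nor the real pf.os database or PF's matcher), the following is a simplified p0f-v2-style classifier: it pulls the TTL, DF bit, window size and option order out of a raw IPv4/TCP SYN and matches them against a constructed signature table with placeholder OS names. Every field it keys on is chosen by the sending host, which is the reason for the N.B. above that this is not a security feature.

```python
import struct

# Constructed, simplified fingerprint table in the spirit of p0f v2's
# window:ttl:df:options signatures. Entries are illustrative placeholders,
# not real pf.os lines.
SIGNATURES = [
    ("example-windows", 65535, 128, True, ("mss", "nop", "nop", "sackOK")),
    ("example-unix", 65535, 64, True, ("mss", "nop", "wscale", "sackOK", "ts")),
]
OPTION_NAMES = {2: "mss", 3: "wscale", 4: "sackOK", 8: "ts"}
INITIAL_TTLS = (32, 64, 128, 255)
# Raw TCP option encodings used to build test packets (constructed values).
MSS, NOP, SACK = b"\x02\x04\x05\xb4", b"\x01", b"\x04\x02"
WSCALE, TS = b"\x03\x03\x07", b"\x08\x0a" + b"\x00" * 8

def build_syn(ttl, df, window, options):
    """Constructed IPv4+TCP SYN for testing; checksums left zero (not checked here)."""
    opts = b"".join(options)
    opts += b"\x00" * (-len(opts) % 4)            # pad options to a 4-byte boundary
    doff = (20 + len(opts)) // 4
    tcp = struct.pack("!HHIIBBHHH", 12345, 80, 1, 0, doff << 4, 0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp

def parse_syn(pkt):
    """Pull out the header fields a passive fingerprinter keys on."""
    ihl = (pkt[0] & 0x0F) * 4
    df = bool(struct.unpack("!H", pkt[6:8])[0] & 0x4000)
    tcp = pkt[ihl:]
    doff = (tcp[12] >> 4) * 4
    if tcp[13] & 0x12 != 0x02:                    # SYN set, ACK clear
        raise ValueError("not a pure SYN")
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, i = [], 20
    while i < doff and tcp[i] != 0:               # kind 0 = end of options
        if tcp[i] == 1:                           # kind 1 = NOP, no length byte
            opts.append("nop"); i += 1; continue
        opts.append(OPTION_NAMES.get(tcp[i], "opt%d" % tcp[i]))
        i += tcp[i + 1]
    return {"ttl": pkt[8], "df": df, "window": window, "opts": tuple(opts)}

def guess_os(pkt):
    """Return the matching label or 'unknown'. The observed TTL has been decremented
    once per hop, so round it up to the nearest common initial TTL before matching."""
    f = parse_syn(pkt)
    init_ttl = next((t for t in INITIAL_TTLS if f["ttl"] <= t), 255)
    for name, window, ttl, df, opts in SIGNATURES:
        if (window, ttl, df, opts) == (f["window"], init_ttl, f["df"], f["opts"]):
            return name
    return "unknown"
```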