Date:	Tue, 1 Jul 2008 15:39:28 +0400
From:	Evgeniy Polyakov <johnpol@....mipt.ru>
To:	netdev@...r.kernel.org
Cc:	netfilter-devel@...r.kernel.org
Subject: Passive OS fingerprinting.

Hi.

Passive OS fingerprinting iptables (xtables) allows one to match incoming
packets by different sets of SYN-packet and determine which remote
system is on the remote end, so you can make decisions based on OS
type and even version to some degree and perform various netfilter
actions based on that knowledge.

This module compares some data (WS, MSS, options and their order, ttl, df
and others) from packets with SYN bit set with dynamically loaded OS
fingerprints.

This version existed for quite a while in patch-o-matic(-ng), but
was suddenly dropped and then was only updated in its own repo:
http://tservice.net.ru/~s0mbre/old/?section=projects&item=osf

I've updated OSF to match new iptables standards (namely xtables
support) and present new kernelspace and userspace library files as
attachments.

To set up a single rule which will drop and log all incoming Linux
access, one needs to do the following steps:
# insmod ./ipt_osf.ko
# ./load ./pf.os /proc/sys/net/ipv4/osf
# iptables -I INPUT -j DROP -p tcp -m osf --genre Linux --log 2 \
--ttl 2 --connector

And you will find the following lines in dmesg:

ipt_osf: Linux [2.5-2.6::Linux 2.5/2.6] : aa:aa:aa:aa:32885 -> bb:bb:bb:bb:23 hops=3

More info can be found on the homepage:
http://tservice.net.ru/~s0mbre/old/?section=projects&item=osf

Enjoy!

Signed-off-by: Evgeniy Polyakov <johnpol@....mipt.ru>

-- 
	Evgeniy Polyakov

View attachment "ipt_osf.c" of type "text/plain" (18961 bytes)

View attachment "ipt_osf.h" of type "text/plain" (3603 bytes)

View attachment "libipt_osf.c" of type "text/plain" (5176 bytes)

View attachment "Makefile" of type "text/plain" (866 bytes)
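
The comparison described in the message (window size, MSS, option order, TTL and DF of a SYN checked against a loaded fingerprint), as an added userspace sketch that is not part of the original post or of ipt_osf.c. It assumes the OpenBSD pf.os field layout window:ttl:df:size:options:genre:version:subtype:details; the signature line, the SYN values and the max_hops parameter are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Syn:            # fields taken from one observed SYN
    window: int
    ttl: int
    df: int
    size: int
    options: list     # (kind, value) pairs in wire order

def parse_sig(line):
    """Split one pf.os-style line into its nine colon-separated fields."""
    win, ttl, df, size, opts, genre, version, _sub, details = line.strip().split(":", 8)
    return {"win": win, "ttl": int(ttl), "df": int(df), "size": size,
            "opts": [] if opts == "." else opts.split(","),
            "genre": genre, "version": version, "details": details}

def _num_ok(spec, value):
    """'*' matches anything, '%n' matches multiples of n, otherwise exact."""
    if spec == "*":
        return True
    if spec.startswith("%"):
        return value % int(spec[1:]) == 0
    return value == int(spec)

def _window_ok(spec, syn):
    mss = next((v for k, v in syn.options if k == "M"), None)
    if spec[0] in "ST":   # Sn: n * MSS, Tn: n * MTU (taken as MSS + 40)
        unit = mss if spec[0] == "S" or mss is None else mss + 40
        return unit is not None and syn.window == int(spec[1:]) * unit
    return _num_ok(spec, syn.window)

def match(sig, syn, max_hops=32):
    """Return the hop count if the SYN fits the signature, else None."""
    hops = sig["ttl"] - syn.ttl   # signature TTL is the sender's initial TTL
    if sig["df"] != syn.df or not _num_ok(sig["size"], syn.size):
        return None
    if not 0 <= hops <= max_hops or not _window_ok(sig["win"], syn):
        return None
    if len(sig["opts"]) != len(syn.options):
        return None
    for spec, (kind, val) in zip(sig["opts"], syn.options):   # order matters
        if spec[0] != kind or (spec[1:] and not _num_ok(spec[1:], val)):
            return None
    return hops

# Constructed signature and SYN, shaped after the dmesg line in the message.
SIG = "S4:64:1:60:M*,S,T,N,W0:Linux:2.5-2.6::Linux 2.5/2.6"
SYN = Syn(5840, 61, 1, 60, [("M", 1460), ("S", None), ("T", 1), ("N", None), ("W", 0)])
```

A SYN carrying the same options in a different order, or arriving with a TTL above the signature's initial TTL, does not match, which is why option order and TTL are part of the fingerprint.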
