| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Mar 2009 10:54:21 +0100 From: Pablo Neira Ayuso <pablo@...filter.org> To: Evgeniy Polyakov <zbr@...emap.net> CC: Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org, David Miller <davem@...emloft.net>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Netfilter Development Mailinglist <netfilter-devel@...r.kernel.org>, Jan Engelhardt <jengelh@...ozas.de> Subject: Re: Passive OS fingerprint xtables match. Evgeniy Polyakov wrote: > Hi. > > Passive OS fingerprinting netfilter module allows to passively detect > remote OS and perform various netfilter actions based on that knowledge. > This module compares some data (WS, MSS, options and it's order, ttl, df > and others) from packets with SYN bit set with dynamically loaded OS > fingerprints. > > Fingerprint matching rules can be downloaded from OpenBSD source tree > and loaded via netlink connector into the kernel via special util found > in archive. It will also listen for events about matching packets. I like this feature. We have nfnetlink so I don't see why we should use the netlink connector instead. BTW, is there any difference with regards to userspace p0f apart from having this integrated into iptables? -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists