[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Real-world scenario for passive OS fingerprinting



Squigly wrote:
> I've been using openbsd for quite some time, nothing fancy.  I've done
> some reading about passive OS fingerprinting, and played abit with
> p0f.
> [...]
> My question is, does anyone has a real-world scenario in which this
> feature might come handy?

My favorite so far has come from Randal.  See

http://unix.derkeiler.com/Newsgroups/comp.unix.bsd.openbsd.misc/2004-01/0459.html

It doesn't block access to Windows machines, but it does ensure that
worms will never unnecessarily suck your bandwidth.

CYA is a perfectly valid reason to fingerprint (and even drop)
a connecting machine.

HTH,
Tim Hammerquist