Re: Real-world scenario for passive OS fingerprinting
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Real-world scenario for passive OS fingerprinting
- From: Tim Hammerquist <tim+openbsd-misc_(_at_)_vegeta_(_dot_)_ath_(_dot_)_cx>
- Date: Thu, 5 Aug 2004 16:23:43 -0700
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
- Reply-to: tim_(_at_)_vegeta_(_dot_)_ath_(_dot_)_cx
Squigly wrote:
> I've been using OpenBSD for quite some time, nothing fancy. I've done
> some reading about passive OS fingerprinting, and played a bit with
> p0f.
> [...]
> My question is, does anyone have a real-world scenario in which this
> feature might come in handy?
My favorite so far has come from Randal. See
http://unix.derkeiler.com/Newsgroups/comp.unix.bsd.openbsd.misc/2004-01/0459.html
It doesn't block access to Windows machines, but it does ensure that
worms will never unnecessarily suck your bandwidth.
CYA is a perfectly valid reason to fingerprint (and even drop)
a connecting machine.
HTH,
Tim Hammerquist