Contributed by jose on from the ink-on-your-hands dept.
Part of the commit message reads:
Date: Thu, 21 Aug 2003 13:12:09 -0600 (MDT)
From: Mike Frantzen
Subject: CVS: cvs.openbsd.org: src

CVSROOT: /cvs
Module name: src
Changes by: email@example.com 2003/08/21 13:12:09

Modified files:
sys/conf : files
sys/net : pf.c pf_ioctl.c pf_norm.c pfvar.h
sbin/pfctl : Makefile parse.y pfctl.8 pfctl.c pfctl_parser.c pfctl_parser.h

Added files:
sys/net : pf_osfp.c
sbin/pfctl : pfctl_osfp.c

Log message:
Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.
Exposes the source IP's operating system to the filter language.
Interesting policy decisions are now enforceable:
. block proto tcp from any os SCO
. block proto tcp from any os Windows to any port smtp
. rdr ... from any os "Windows 98" to port WWW -> 127.0.0.1 port 8001

This also adds a -o option to tcpdump(8) which lets you view the OS based on SYN fingerprinting. Thanks guys, this is pretty insane stuff now.
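To show what SYN fingerprinting works from, here is an added example (not code from the commit, PF, or p0f) that reduces a TCP SYN to its window size, guessed initial TTL, DF bit, packet length and TCP option order, then looks the result up in a signature table. The signature notation is a simplified p0f v2-like layout, and the signatures, OS labels, sample packet and function names are all constructed for illustration.

```python
import re
import struct

# Constructed signatures: window:initial TTL:DF:SYN length:TCP option order.
SIGS = {"16384:64:1:64:M*,N,N,S,N,W0,N,N,T": "ExampleOS-A",  # placeholder labels
        "65535:128:1:48:M*,N,N,S": "ExampleOS-B"}
# Constructed IPv4 TCP SYN (checksums zeroed, documentation addresses).
SAMPLE_SYN = bytes.fromhex(
    "45000040 12344000 39060000 c000020a c6336405 c0000019 00000001 00000000"
    "b0024000 00000000 020405b4 01010402 01030300 0101080a 00000001 00000000")

def tcp_options(raw):
    """Render TCP option bytes as an ordered layout string, e.g. 'M1460,N,S'."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # end of option list
            break
        size = 1 if kind == 1 else int.from_bytes(raw[i + 1:i + 2], "big")
        if (kind != 1 and size < 2) or i + size > len(raw):
            raise ValueError("malformed TCP option")
        if kind == 2 and size == 4:         # MSS carries a 16-bit value
            out.append("M%d" % struct.unpack("!H", raw[i + 2:i + 4])[0])
        elif kind == 3 and size == 3:       # window scale carries a shift count
            out.append("W%d" % raw[i + 2])
        else:                               # NOP, SACK-permitted, timestamp, other
            out.append({1: "N", 4: "S", 8: "T"}.get(kind, "?%d" % kind))
        i += size
    return ",".join(out)

def syn_fingerprint(pkt):
    """Fingerprint a raw IPv4 packet that carries a TCP SYN."""
    ihl = (pkt[0] & 0x0F) * 4 if len(pkt) >= 20 else 0
    tcp = pkt[ihl:]
    if (ihl < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6 or len(tcp) < 20
            or tcp[13] & 0x12 != 0x02):     # need SYN set, ACK clear
        raise ValueError("not an IPv4 TCP SYN")
    total_len, _, frag = struct.unpack("!HHH", pkt[2:8])
    ttl = next(t for t in (32, 64, 128, 255) if pkt[8] <= t)  # guess initial TTL
    win, doff = struct.unpack("!H", tcp[14:16])[0], (tcp[12] >> 4) * 4
    return "%d:%d:%d:%d:%s" % (win, ttl, bool(frag & 0x4000), total_len,
                               tcp_options(tcp[20:doff]))

def match_os(fp, sigs=SIGS):
    """Return the first matching label; 'M*' in a signature accepts any MSS."""
    for sig, name in sigs.items():
        if re.fullmatch(re.escape(sig).replace(r"M\*", r"M\d+"), fp):
            return name
    return "unknown"
```

Every field in the fingerprint is chosen by the sender, so an `os` match is a heuristic for policy and triage rather than an identity check.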