Re: Passive OS fingerprinting.

Jan Engelhardt wrote:
On Tuesday 2008-07-01 15:08, Evgeniy Polyakov wrote:
I'm not sure it is that simple. OSF uses common rules database
shared with OpenBSD (and other *BSDs as well), so converting it into u32
match would require noticeable efforts. But in theory it is probably
doable.

This would be preferable in my opinion since they both allow
programmable filters, but u32 appears to be more flexible. I'm
very reluctant to add new iptables modules that don't increase
expressiveness or provide other clear benefits since we already
have an insane amount of modules.

An iptables extension which you can use with -m osf --genre Linux
but which internally uses xt_u32.ko would be the perfect solution
ATM IMO. It would require a number of changes to the iptables API
though...

I agree that this would be much nicer. I assume you would either need
a way to associate multiple matches with a single userspace extension
or a much more intelligent parser in userspace?
