Re: Doing something with OS fingerprint?

On 03.03.21 20:47, Stef Bon wrote:
> Op ma 22 feb. 2021 om 10:56 schreef Jochen Bern <Jochen.Bern@xxxxxxxxx>:
>> My - admittedly first ever - thoughts on that:
>> -- Doesn't OpenSSH already parse the peer's Hello String for that
>>    purpose?
> 
> No as I know it that is only the software and version, not the os,

Well, yes, because to "meet the peer's flaws and maybe bugs", as you put
it, ssh and sshd would need to be able to *do something about them*, and
what these pieces of software do is to handle the SSH protocol, not to
(random example) second-guess what the behavior of the peer's OS is WRT
reassembly of overlapping TCP fragments.

Or am I just not thinking of the same sort of "purely OS-level flaws and
bugs" as you are?

>> -- osf can also differ from defaults (own fingerprint files being
>>    loaded, --ttl param etc.)
> 
> Huh what do you mean Jochen? You know something about this software?

I had a look at my local iptables-extensions manpage, which offers me
three different --ttl levels to modify osf's behavior and strongly
suggests that I am to specify rules in terms of "genres" and other terms
*derived* from the actual fingerprint as per the local fingerprints file.

(I.e., when you look at a fingerprint in that file like:

> 32696:128:0:40:M1460:			Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine

then the strictly formatted *left* hand side corresponds to the actual
test result but the *right* hand side is what I can have the iptables
rules match; have someone edit the fingerprint file to introduce an
earlier match named "MumbleFoo stupid middleboxes" and you'll never see
a "Spirent" reported again.)

By the way, you might want to look at the upstream maintainers' CVS log

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os

for some choice comments, like with release 1.25. :-3

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
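
The point in the message above about the two sides of a fingerprint line, as an added example that is not part of the original post and is not code from iptables, xt_osf or pf. It assumes the nine colon-separated fields of the quoted line, exact string comparison of the left-hand side (no wildcards, no --ttl modes) and the first-match behaviour the message describes; all function names are hypothetical.

```python
# Added illustration; not code from iptables, xt_osf, pf or the message above.
from typing import List, NamedTuple, Optional, Tuple

class Entry(NamedTuple):
    signature: tuple  # (window, ttl, df, size, tcp_options): the measured side
    genre: str        # the label a rule is written against
    version: str
    subtype: str
    details: str

def parse_line(line: str) -> Optional[Entry]:
    """Parse one fingerprint line; return None for blank or comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = [f.strip() for f in line.split(":", 8)]
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}")
    return Entry(tuple(fields[:5]), *fields[5:])

def load(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def reported_genre(table: List[Entry], observed: tuple) -> Optional[str]:
    """Assumption: the first entry whose signature equals the observation wins."""
    for entry in table:
        if entry.signature == tuple(observed):
            return entry.genre
    return None

def shadowed_genres(table: List[Entry]) -> List[Tuple[str, str]]:
    """Audit helper: (hidden genre, genre reported instead) for duplicate signatures."""
    first_seen, shadowed = {}, []
    for entry in table:
        if entry.signature in first_seen:
            shadowed.append((entry.genre, first_seen[entry.signature]))
        else:
            first_seen[entry.signature] = entry.genre
    return shadowed

# Constructed sample: the line quoted in the message, then the same file with a
# hypothetical earlier entry that carries an identical left-hand side.
ORIGINAL = ("32696:128:0:40:M1460:\t\t\tSpirent:Avalanche::"
            "Spirent Web Avalanche HTTP benchmarking engine\n")
EDITED = "32696:128:0:40:M1460:MumbleFoo stupid middleboxes:::locally added entry\n" + ORIGINAL
OBSERVED = ("32696", "128", "0", "40", "M1460")

if __name__ == "__main__":
    print(reported_genre(load(ORIGINAL), OBSERVED))
    print(reported_genre(load(EDITED), OBSERVED))
    print(shadowed_genres(load(EDITED)))
```

Running an audit like `shadowed_genres` over the local fingerprints file before writing genre-based rules shows which labels can never be reported under these assumptions.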
