Slashdot Mirror


OpenBSD's Packet Filter Gains OS Fingerprinting

basilpronoun writes "The PF packet filter / firewall that comes with OpenBSD has just been improved to allow firewalling decisions to take place based not only on the source of a connection, but the operating system of that source. There are both good and evil applications, not the least of which is blocking the spam from infected Windows machines."
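An added illustration, not part of the story above and not PF's own code: a simplified Python model of a firewall decision keyed on a passive OS fingerprint taken from the first TCP SYN. The signature values, the field set and every name here are constructed assumptions, not entries from PF's fingerprint database. It shows why such a match is a heuristic, not authentication: any SYN that misses every signature is classed as "unknown".

```python
from dataclasses import dataclass

# TCP option layouts (option kinds in order). Constructed for illustration.
WIN_OPTS = ("mss", "nop", "nop", "sackok")
BSD_OPTS = ("mss", "nop", "nop", "sackok", "nop", "wscale", "nop", "nop", "timestamp")

@dataclass(frozen=True)
class Syn:
    window: int      # advertised TCP window
    ttl: int         # IP TTL as observed at the firewall
    df: bool         # IP don't-fragment bit
    options: tuple   # TCP option kinds in the order they appear

@dataclass(frozen=True)
class Signature:
    os: str
    window: int
    initial_ttl: int  # TTL the OS is assumed to start from
    df: bool
    options: tuple

# Hypothetical signature table; a real one is far larger and more nuanced.
SIGNATURES = [
    Signature("Windows", 64240, 128, True, WIN_OPTS),
    Signature("OpenBSD", 16384, 64, True, BSD_OPTS),
]

MAX_HOPS = 32  # assumed upper bound on router hops between sender and firewall

def classify(syn: Syn) -> str:
    """Return the OS label of the first matching signature, else 'unknown'."""
    for sig in SIGNATURES:
        hops = sig.initial_ttl - syn.ttl  # TTL drops by one per router hop
        if (syn.window == sig.window and syn.df == sig.df
                and syn.options == sig.options and 0 <= hops <= MAX_HOPS):
            return sig.os
    return "unknown"

def decide(syn: Syn, blocked_os=("Windows",), block_unknown=False) -> str:
    """Model of a rule that blocks new connections from listed OS labels."""
    label = classify(syn)
    if label in blocked_os or (label == "unknown" and block_unknown):
        return "block"
    return "pass"

if __name__ == "__main__":
    stock = Syn(64240, 117, True, WIN_OPTS)   # matches the Windows signature
    tuned = Syn(65535, 117, True, WIN_OPTS)   # same host, non-default window
    print(classify(stock), decide(stock))
    print(classify(tuned), decide(tuned), decide(tuned, block_unknown=True))
```

Blocking "unknown" closes the gap for hosts with non-default stack settings but also drops every legitimate system missing from the table, so a rule like this works as a coarse filter alongside other controls.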

18 comments

  1. This is slick! by j0nkatz · · Score: 2, Funny

    Block those bastard Windows users!!!

    --
    Don't mod me, bro'!!!!
  2. Next step: by Anonymous Coward · · Score: 0

    Built in worm detection. Heh.

  3. Many uses by Hungus · · Score: 5, Funny

    I like this; amongst other things, it will allow me to prevent non-HIPAA-compliant OSs from accessing my medical sites. After all, how many physicians know how to spoof Ethernet packets?

    Now where did I put that OpenBSD box?

    --
    Bad Panda! No Bamboo for you! In matters of importance ACs will not be responded to. Want to say something critical,OK
  4. Windows? SCO! by Feztaa · · Score: 4, Funny

    Even better, let's get all the BSD routers out there to implement rules to drop packets coming from a computer running any of SCO's products. That'll show 'em!

    1. Re:Windows? SCO! by stu_coates · · Score: 1

      Yeah, that'll show BOTH of them! ;-)

  5. No thanks to Darren Reed by QuantumG · · Score: 1, Insightful

    This is one of those features that would have NEVER made it into the kernel if we were still using ipf.

    --
    How we know is more important than what we know.
  6. hmmmm... by dJCL · · Score: 1

    Almost reason enough to move my firewall over... or see if someone will port it to Linux...

    Either way, I could see some fun uses for this...

    --
    On Arrakis: early worm gets the bird. Magister mundi sum!
    1. Re:hmmmm... by CableModemSniper · · Score: 1

      iptables + nmap -O? Maybe... You could write some overly-complicated script. When someone goes to connect have nmap do an OS fingerprint scan on them and then if you don't like the results add an iptables rule based on their host.

      --
      Why not fork?
    2. Re:hmmmm... by Triumph+The+Insult+C · · Score: 1

      Or spend an hour and upgrade to OpenBSD and not fight it.

      --
      vodka, straight up, thank you!
  7. Worm warning by ptaff · · Score: 2, Interesting

    Then if there is a Windows worm in the wild, all OpenBSD routers on the net can redirect the Windows traffic to windowsupdate.com ...?

    1. Re:Worm warning by pmz · · Score: 2, Insightful

      all OpenBSD routers on the net can redirect the Windows traffic to windowsupdate.com ...?

      Perhaps better would be to redirect to a warning page that takes the user to their intended website after a few seconds. Simply going to windowsupdate.com would frustrate people who consciously leave their computers unpatched for various valid reasons (Windows Update is a genuine risk in itself).

    2. Re:Worm warning by nutznboltz · · Score: 1

      Perhaps better would be to redirect to a warning page that takes the user to their intended website after a few seconds.

      But no one would see the page since the worm is not a web browser; it just sends out HTTP commands similar to the way a web browser does.

  8. be nice by muirhead · · Score: 2, Interesting
    From the article:
    Or maybe I think SCO sucks sweaty monkey balls and their customers should be redirected to a web page of ranting and ravings about why they should cancel their contracts or somesuch.
    Okay, so they made a mistake, be nice.
    Don't you think that SCO's customers are suffering enough already?
    1. Re:be nice by Anonymous Coward · · Score: 2, Funny

      NO!

    2. Re:be nice by innosent · · Score: 1

      SCO has customers? IIRC, SCO made money for the first time in their history the last 2 quarters. Before M$ started pouring in money, SCO never turned a profit.

      Technically SCO didn't develop anything that they sell right now. SCO Unix (and Project Monterey) came from old SCO, which became Tarantella. SCO/Caldera just bought it from them. Old SCO had customers, New SCO has lawsuits.

      --
      --That's the point of being root, you can do anything you want, even if it's stupid.
  9. Elegy for *BSD by Anonymous Coward · · Score: 0

    Elegy For *BSD


    I am a *BSD user
    and I try hard to be brave
    That is a tall order
    *BSD's foot is in the grave.

    I tap at my toy keyboard
    and whistle a happy tune
    but keeping happy's so hard,
    *BSD died so soon.

    Each day I wake and softly sob
    Nightfall finds me crying
    Not only am I a zit faced slob
    but *BSD is dying.

  10. *BSD is dying by Anonymous Coward · · Score: 0
    Fact: *BSD is dying

    It is common knowledge that *BSD is dying, that ever hapless *BSD is mired in an irrecoverable and mortifying tangle of fatal trouble. It is perhaps anybody's guess as to which *BSD is the worst off of an admittedly suffering *BSD community. The numbers continue to decline for *BSD but FreeBSD may be hurting the most. Look at the numbers. The loss of user base for FreeBSD continues in a head spinning downward spiral.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of BSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major marketing surveys show that *BSD has steadily declined in market share. *BSD is extremely sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among hobbyist dilettante dabblers. In truth, for all practical purposes *BSD is already dead. It is a dead man walking.

    Fact: *BSD is dying