Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD's Packet Filter Gains OS Fingerprinting

Posted by CowboyNeal on from the no-more-amigas-on-my-networks dept.

basilpronoun writes "The PF packet filter / firewall that comes with OpenBSD has just been improved to allow firewalling decisions to take place based not only on the source of a connection, but the operating system of that source. There are both good and evil applications, not the least of which is blocking the spam from infected Windows machines."

2 of 18 comments (clear)

  1. No thanks to Darren Reed by QuantumG · · Score: 1, Insightful

    This is one of those features that would have NEVER made it into the kernel if we were still using ipf.

    --
    How we know is more important than what we know.
  2. Re:Worm warning by pmz · · Score: 2, Insightful

    all OpenBSD routers on the net can redirect the Windows traffic to windowsupdate.com ...?

    Perhaps better would be to redirect to a warning page that takes the user to their intended website after a few seconds. Simply going to windowsupdate.com would frustrate people who consciously leave their computers unpatched for various valid reasons (Windows Update is a genuine risk in itself).

    --
    Healthcare article at Kuro5hin