Slashdot Mirror


OpenBSD's Packet Filter Gains OS Fingerprinting

basilpronoun writes "The PF packet filter / firewall that comes with OpenBSD has just been improved to allow firewalling decisions to take place based not only on the source of a connection, but the operating system of that source. There are both good and evil applications, not the least of which is blocking the spam from infected Windows machines."


  1. This is slick! by j0nkatz · · Score: 2, Funny

    Block those bastard Windows users!!!

    --
    Don't mod me, bro'!!!!
  2. Many uses by Hungus · · Score: 5, Funny

    I like this, amongst other things it will allow me to prevent non HIPAA compliant OSs from accessing my medical sites. After all how many physicians know how to spoof ethernet packets?

    Now where did I put that OpenBSD box?

    --
    Bad Panda! No Bamboo for you! In matters of importance ACs will not be responded to. Want to say something critical,OK
  3. Windows? SCO! by Feztaa · · Score: 4, Funny

    Even better, let's get all the BSD routers out there to implement rules to drop packets coming from a computer running any of SCO's products. That'll show 'em!

    1. Re:Windows? SCO! by stu_coates · · Score: 1

      Yeah, that'll show BOTH of them! ;-)

  4. No thanks to Darren Reed by QuantumG · · Score: 1, Insightful

    This is one of those features that would have NEVER made it into the kernel if we were still using ipf.

    --
    How we know is more important than what we know.
  5. hmmmm... by dJCL · · Score: 1

    almost reason enough to move my firewall over... or see if someone will port it to linux...

    Either way, I could see some fun uses for this...

    --
    On Arrakis: early worm gets the bird. Magister mundi sum!
    1. Re:hmmmm... by CableModemSniper · · Score: 1

      iptables + nmap -O? Maybe... You could write some overly-complicated script. When someone goes to connect have nmap do an OS fingerprint scan on them and then if you don't like the results add an iptables rule based on their host.

      --
      Why not fork?
    2. Re:hmmmm... by Triumph+The+Insult+C · · Score: 1

      or spend an hour and upgrade to openbsd and not fight it.

      --
      vodka, straight up, thank you!
  6. Worm warning by ptaff · · Score: 2, Interesting

    Then if there is a Windows worm in the wild, all OpenBSD routers on the net can redirect the Windows traffic to windowsupdate.com ...?

    1. Re:Worm warning by pmz · · Score: 2, Insightful

      all OpenBSD routers on the net can redirect the Windows traffic to windowsupdate.com ...?

      Perhaps better would be to redirect to a warning page that takes the user to their intended website after a few seconds. Simply going to windowsupdate.com would frustrate people who consciously leave their computers unpatched for various valid reasons (Windows Update is a genuine risk in itself).

    2. Re:Worm warning by nutznboltz · · Score: 1

      Perhaps better would be to redirect to a warning page that takes the user to their intended website after a few seconds.

      But no one would see the page since the worm is not a web browser, it just sends out HTTP commands similar to the way a web browser does.

  7. be nice by muirhead · · Score: 2, Interesting
    From the article:
    Or maybe I think SCO sucks sweaty monkey balls and their customers should be redirected to a web page of ranting and ravings about why they should cancel their contracts or somesuch.
    Okay, so they made a mistake, be nice.
    Don't you think that SCO's customers are suffering enough already?
    1. Re:be nice by Anonymous Coward · · Score: 2, Funny

      NO!

    2. Re:be nice by innosent · · Score: 1

      SCO has customers? IIRC, SCO made money for the first time in their history the last 2 quarters. Before M$ started pouring in money, SCO never turned a profit.

      Technically SCO didn't develop anything that they sell right now. SCO Unix (and project Monterey) came from old SCO, which became Tarantella. SCO/Caldera just bought it from them. Old SCO had customers, New SCO has lawsuits.

      --
      --That's the point of being root, you can do anything you want, even if it's stupid.