Slashdot Mirror


OS Fingerprinting in OpenBSD's PF Firewall

Dan writes "Mike Frantzen has committed "Passive operating system fingerprinting" to PF which exposes the source host's OS to the filter language. The goal of this work is to allow firewalling decisions to take place based not only on the source of a connection, but the operating system of that source. Powerful policy enforcement is now possible such as redirecting all older Windows boxes to a web site telling them to upgrade. Or blocking all Windows boxes from connecting to mail servers (damn worms). A writeup can be found here. Please help contribute to the OS fingerprint database by going to http://lcamtuf.coredump.cx/p0f-help/ and typing in your OS description if it does not recognize your OS." Sorry - my fault. It is a dupe.


  1. Re:can't wait 4 this by pauldy · · Score: 2, Informative

    You make some interesting points on how it could be used in a network that may or may not be usable to some, so I guess it is better to have them there than not. I personally was more concerned with the notion presented in the Slashdot article that people would use this to redirect people off their websites to upgrade sites based off their fingerprint. As for the religion here, to each his or her own. The only thing I would really hate to see is people using this to deny others access based off what is really nothing more than an educated guess as to what is on the other end of that SYN.
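
The story's idea of filtering on a passively fingerprinted OS, and the comment's point that the fingerprint is only an educated guess from the SYN, shown as an added Python sketch (not code from PF or from either post). The signature values, OS labels and function names are constructed for illustration and are not PF's database or format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Syn:
    """Fields a passive fingerprinter reads from one inbound TCP SYN."""
    ttl: int        # IP TTL as seen at the firewall (already decremented per hop)
    window: int     # TCP window size
    df: bool        # IP don't-fragment bit
    options: tuple  # TCP option kinds in the order the sender emitted them

# Constructed signature table: (initial TTL, window, DF, option layout) -> label.
SIGNATURES = {
    (64, 16384, True, ("mss", "nop", "nop", "sackok", "nop", "ws", "nop", "nop", "ts")): "ExampleBSD",
    (128, 65535, True, ("mss", "nop", "nop", "sackok")): "ExampleDesktopOS",
    (64, 5840, True, ("mss", "sackok", "ts", "nop", "ws")): "ExampleLinux",
}

def initial_ttl(observed: int) -> int:
    """Round the observed TTL up to the nearest common initial value."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return 255

def classify(syn: Syn) -> str:
    """Exact-match lookup; anything not in the table is 'unknown'."""
    key = (initial_ttl(syn.ttl), syn.window, syn.df, syn.options)
    return SIGNATURES.get(key, "unknown")

def decide(syn: Syn, blocked=frozenset({"ExampleDesktopOS"}), unknown_action="pass") -> str:
    """Mail-server policy: block listed OS labels, apply unknown_action otherwise."""
    label = classify(syn)
    if label == "unknown":
        return unknown_action
    return "block" if label in blocked else "pass"

# Constructed sample SYNs.
DESKTOP = Syn(ttl=116, window=65535, df=True, options=("mss", "nop", "nop", "sackok"))
BSD = Syn(ttl=57, window=16384, df=True,
          options=("mss", "nop", "nop", "sackok", "nop", "ws", "nop", "nop", "ts"))
# Same host class as DESKTOP, but a different window size on the wire:
# the guess degrades to "unknown" and the policy's default decides the outcome.
DESKTOP_OTHER_WINDOW = Syn(ttl=116, window=64240, df=True, options=DESKTOP.options)

if __name__ == "__main__":
    for s in (DESKTOP, BSD, DESKTOP_OTHER_WINDOW):
        print(classify(s), decide(s), decide(s, unknown_action="block"))
```

The third sample is the case the comment worries about: the rule's outcome for that host is set by how the policy treats "unknown", not by what the host actually runs.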