[Discussion] OS Fingerprinting
Jack Pepper
pepperjack at autoshun.org
Fri Dec 19 21:20:14 UTC 2008
Quoting Matt Jonkman <jonkman at jonkmans.com>:
> I use it with spamassassin and it *seems* to make a big difference
> there. I haven't pulled exact stats, but the idea that mail from a
> windows box is more likely to be spam is surely valid.
>
> Have to look into how far it does ID windows versions. Even if we can
> just get server os vs workstation os that'd be pretty interesting I think.
>
> Anyone used it much lately?

I still use it at the "Genre" level and it works predictably. I
categorize things into "Windows", "Linux", "Unix" (aix+sun), "BSD",
and "MAC" and it seems to work well enough (~80%?) to feed data
into my "poor-man's RNA".

I don't think the fine-grained accuracy is reliable for service-patch
level detection, but p0f works ok at the genre level. I did rewrite
the socket listener and caching part of it, but the fingerprinting
part works well enough as-is.

tc
--
Simple compliance is a hacker's best friend
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com