ioremap.net

Storage and beyond

Passive OS fingerprint module included in the netfilter tree

Patrick McHardy has included OSF in the netfilter tree.

OSF passively detects the remote OS and lets you perform various netfilter actions based on that knowledge. The module compares some data (WS, MSS, options and their order, TTL, DF and others) from packets with the SYN bit set against dynamically loaded OS fingerprints.
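The comparison described above, as an added example (not code from the OSF module): it extracts the listed fields from a constructed SYN and matches them against a constructed signature. The struct and function names, the one-letter option notation, and the TTL rule (observed TTL at or below the signature's) are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* Fields the post lists: window size (WS), MSS, option order, TTL, DF. */
struct syn_features {
    uint16_t window, mss;
    uint8_t ttl, df;
    char opts[16];  /* option order, one letter per option (notation made up here) */
};

/* Parse raw IPv4+TCP bytes; 0 on success, -1 if malformed or not a pure SYN. */
int extract_syn_features(const uint8_t *p, size_t len, struct syn_features *f)
{
    memset(f, 0, sizeof(*f));
    if (len < 20 || (p[0] >> 4) != 4 || p[9] != 6) return -1;   /* IPv4 + TCP only */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4, n = 0;
    if (ihl < 20 || len < ihl + 20) return -1;
    const uint8_t *t = p + ihl;
    size_t doff = (size_t)(t[12] >> 4) * 4;
    if (doff < 20 || len < ihl + doff) return -1;
    if ((t[13] & 0x12) != 0x02) return -1;                      /* SYN set, ACK clear */
    f->ttl = p[8];
    f->df = (p[6] & 0x40) != 0;
    f->window = (uint16_t)(t[14] << 8 | t[15]);
    for (size_t i = 20; i < doff && t[i] != 0; ) {              /* kind 0 ends the list */
        uint8_t kind = t[i], olen = 1;                          /* kind 1 (NOP) is 1 byte */
        if (kind != 1 && (i + 1 >= doff || (olen = t[i + 1]) < 2 || i + olen > doff))
            return -1;                                          /* bad option length */
        if (kind == 2 && olen == 4) f->mss = (uint16_t)(t[i + 2] << 8 | t[i + 3]);
        if (n < sizeof(f->opts) - 1)
            f->opts[n++] = kind == 1 ? 'N' : kind == 2 ? 'M' : kind == 3 ? 'W' :
                           kind == 4 ? 'S' : kind == 8 ? 'T' : '?';
        i += olen;
    }
    return 0;
}

/* Exact match on all fields except TTL, which routers decrement in transit. */
int matches(const struct syn_features *f, const struct syn_features *sig)
{
    return f->window == sig->window && f->mss == sig->mss && f->df == sig->df &&
           f->ttl <= sig->ttl && strcmp(f->opts, sig->opts) == 0;
}

/* Constructed SYN (documentation addresses, checksums zeroed and not verified). */
const uint8_t sample_syn[60] = {
    0x45,0,0,0x3c, 0,0,0x40,0, 0x40,6,0,0, 192,0,2,1, 198,51,100,2,
    0xc0,0,0,0x50, 0,0,0,1, 0,0,0,0, 0xa0,0x02,0x72,0x10, 0,0,0,0,
    2,4,0x05,0xb4, 4,2, 8,10,0,0,0,1,0,0,0,0, 1, 3,3,7 };
/* Constructed signature, not an entry from the OSF fingerprint file. */
const struct syn_features sample_sig = { 29200, 1460, 64, 1, "MSTNW" };
```

Because only SYN packets are inspected, the parser rejects SYN+ACK and truncated input instead of guessing at missing fields.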

OSF was my first big kernel project; it is more than 6 years old already. During this time it was seriously improved by moving to RCU, extending configuration and parsing, and of course by fixing a fair number of bugs.

It is no longer possible to print packet info into dmesg; instead, a packet can be pushed into userspace and processed there via the netfilter netlink log facilities. You will need to download the latest OSF release to get the fingerprint loading application. Eventually I will extend it with an application to log packets in userspace; in the meantime one can use existing loggers.

Enjoy!
