path: root/extensions/
diff options
Diffstat (limited to 'extensions/')
1 files changed, 0 insertions, 47 deletions
diff --git a/extensions/ b/extensions/
deleted file mode 100644
index 38d25a03..00000000
--- a/extensions/
+++ /dev/null
@@ -1,47 +0,0 @@
-The idea of passive OS fingerprint matching exists for quite a long time,
-but was created as extension fo OpenBSD pf only some weeks ago.
-Original idea was lurked in some OpenBSD mailing list (thanks
-grange@open...) and than adopted for Linux netfilter in form of this code.
-Original fingerprint table was created by Michal Zalewski <>.
-This module compares some data(WS, MSS, options and it's order, ttl,
-df and others) from first SYN packet (actually from packets with SYN
-bit set) with dynamically loaded OS fingerprints.
-.B "--log 1/0"
-If present, OSF will log determined genres even if they don't match
-desired one.
-0 - log all determined entries,
-1 - only first one.
-In syslog you find something like this:
-ipt_osf: Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: ->
-ipt_osf: Unknown: 16384:106:1:48:020405B401010402 ->
-.B "--smart"
-if present, OSF will use some smartness to determine remote OS.
-OSF will use initial TTL only if source of connection is in our local network.
-.B "--netlink"
-If present, OSF will log all events also through netlink NETLINK_NFLOG groupt 1.
-.BI "--genre " "[!] string"
-Match a OS genre by passive fingerprinting
-#iptables -I INPUT -j ACCEPT -p tcp -m osf --genre Linux --log 1 --smart
-NOTE: -p tcp is obviously required as it is a TCP match.
-Fingerprints can be loaded and read through /proc/sys/net/ipv4/osf file.
-One can flush all fingerprints with following command:
-echo -en FLUSH > /proc/sys/net/ipv4/osf
-Only one fingerprint per open/write/close.
-Fingerprints can be downloaded from