From b1f568309a09e61f892dee3c23279cecff0b0ff4 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Wed, 10 Jan 2007 14:53:55 +0000 Subject: Remove extensions for unmaintained/obsolete patchlets --- extensions/libipt_osf.man | 47 ----------------------------------------------- 1 file changed, 47 deletions(-) delete mode 100644 extensions/libipt_osf.man (limited to 'extensions/libipt_osf.man') diff --git a/extensions/libipt_osf.man b/extensions/libipt_osf.man deleted file mode 100644 index 38d25a03..00000000 --- a/extensions/libipt_osf.man +++ /dev/null @@ -1,47 +0,0 @@ -The idea of passive OS fingerprint matching exists for quite a long time, -but was created as extension fo OpenBSD pf only some weeks ago. -Original idea was lurked in some OpenBSD mailing list (thanks -grange@open...) and than adopted for Linux netfilter in form of this code. - -Original fingerprint table was created by Michal Zalewski . - -This module compares some data(WS, MSS, options and it's order, ttl, -df and others) from first SYN packet (actually from packets with SYN -bit set) with dynamically loaded OS fingerprints. -.TP -.B "--log 1/0" -If present, OSF will log determined genres even if they don't match -desired one. -0 - log all determined entries, -1 - only first one. - -In syslog you find something like this: -.IP -ipt_osf: Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -> 11.22.33.44:139 -.IP -ipt_osf: Unknown: 16384:106:1:48:020405B401010402 44.33.22.11:1239 -> 11.22.33.44:80 -.TP -.B "--smart" -if present, OSF will use some smartness to determine remote OS. -OSF will use initial TTL only if source of connection is in our local network. -.TP -.B "--netlink" -If present, OSF will log all events also through netlink NETLINK_NFLOG groupt 1. -.TP -.BI "--genre " "[!] string" -Match a OS genre by passive fingerprinting -.P -Example: - -#iptables -I INPUT -j ACCEPT -p tcp -m osf --genre Linux --log 1 --smart - -NOTE: -p tcp is obviously required as it is a TCP match. - -Fingerprints can be loaded and read through /proc/sys/net/ipv4/osf file. -One can flush all fingerprints with following command: -.IP -echo -en FLUSH > /proc/sys/net/ipv4/osf -.P -Only one fingerprint per open/write/close. - -Fingerprints can be downloaded from http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os -- cgit v1.2.3