
BLU Discuss list archive



Re: passive OS fingerprinting to assist spam detection



 Ward Vandewege wrote: 
>> What are you using to integrate p0f with your MTA? 
> 
> Just a bunch of exim rules that call a (slightly modified version of) the p0f 
> client. 

What p0f client? The readme referenced a sample query client command 
line tool (p0fq). Is it that? So each inbound message fires off a 
command line process? 

Doesn't exim support milters or something similar to Postfix's policy 
servers? Having a little Perl daemon provide the glue between one of 
those interfaces and the p0f socket seems like the way to go. 


>> What specific rules are you using? 
> 
> I'm doing selective greylisting. If the other side runs Windows, I greylist. 

OK, but are you using the p0f option to generally categorize the OS 
(-D), rather than trying to determine the specific OS? Are you doing 
anything with the link type data? 


> ...afaict there are no vista signatures in the default 
> p0f database. 

Ack, looks like the package I'm playing with has databases that date 
back to 2004. No wonder. 

Though the ones from the main site (both production and development 
snapshot) are from 2006. 

Is there a source for better signature databases? 

  -Tom 

-- 
Tom Metro 
Venture Logic, Newton, MA, USA 
"Enterprise solutions through open source." 
Professional Profile: http://tmetro.venturelogic.com/

 

