Tree - source-git/iptables - CentOS Git server

source-git / iptables

Blame extensions/libxt_osf.man

Blob History Raw

Packit Service	d1fe03	`The osf module does passive operating system fingerprinting. This modules`
Packit Service	d1fe03	`compares some data (Window Size, MSS, options and their order, TTL, DF,`
Packit Service	d1fe03	`and others) from packets with the SYN bit set.`
Packit Service	d1fe03	`.TP`
Packit Service	d1fe03	`[\fB!\fP] \fB\-\-genre\fP \fIstring\fP`
Packit Service	d1fe03	`Match an operating system genre by using a passive fingerprinting.`
Packit Service	d1fe03	`.TP`
Packit Service	d1fe03	`\fB\-\-ttl\fP \fIlevel\fP`
Packit Service	d1fe03	`Do additional TTL checks on the packet to determine the operating system.`
Packit Service	d1fe03	`\fIlevel\fP can be one of the following values:`
Packit Service	d1fe03	`.IP \(bu 4`
Packit Service	d1fe03	`0 - True IP address and fingerprint TTL comparison. This generally works for`
Packit Service	d1fe03	`LANs.`
Packit Service	d1fe03	`.IP \(bu 4`
Packit Service	d1fe03	`1 - Check if the IP header's TTL is less than the fingerprint one. Works for`
Packit Service	d1fe03	`globally-routable addresses.`
Packit Service	d1fe03	`.IP \(bu 4`
Packit Service	d1fe03	`2 - Do not compare the TTL at all.`
Packit Service	d1fe03	`.TP`
Packit Service	d1fe03	`\fB\-\-log\fP \fIlevel\fP`
Packit Service	d1fe03	`Log determined genres into dmesg even if they do not match the desired one.`
Packit Service	d1fe03	`\fIlevel\fP can be one of the following values:`
Packit Service	d1fe03	`.IP \(bu 4`
Packit Service	d1fe03	`0 - Log all matched or unknown signatures`
Packit Service	d1fe03	`.IP \(bu 4`
Packit Service	d1fe03	`1 - Log only the first one`
Packit Service	d1fe03	`.IP \(bu 4`
Packit Service	d1fe03	`2 - Log all known matched signatures`
Packit Service	d1fe03	`.PP`
Packit Service	d1fe03	`You may find something like this in syslog:`
Packit Service	d1fe03	`.PP`
Packit Service	d1fe03	`Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 ->`
Packit Service	d1fe03	`11.22.33.44:139 hops=3 Linux [2.5-2.6:] : 1.2.3.4:42624 -> 1.2.3.5:22 hops=4`
Packit Service	d1fe03	`.PP`
Packit Service	d1fe03	`OS fingerprints are loadable using the \fBnfnl_osf\fP program. To load`
Packit Service	d1fe03	`fingerprints from a file, use:`
Packit Service	d1fe03	`.PP`
Packit Service	d1fe03	`\fBnfnl_osf -f /usr/share/xtables/pf.os\fP`
Packit Service	d1fe03	`.PP`
Packit Service	d1fe03	`To remove them again,`
Packit Service	d1fe03	`.PP`
Packit Service	d1fe03	`\fBnfnl_osf -f /usr/share/xtables/pf.os -d\fP`
Packit Service	d1fe03	`.PP`
Packit Service	d1fe03	`The fingerprint database can be downloaded from`
Packit Service	d1fe03	`http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os .`

source-git / iptables

Source Code

Blame extensions/libxt_osf.man