[69696] in North American Network Operators' Group
Blocking Win95 hosts [WAS: Lazy network operators - NOT]
daemon@ATHENA.MIT.EDU (Patrick W.Gilmore)
Mon Apr 19 00:29:06 2004
In-Reply-To: <40834A30.3080207@solarius.org>
Cc: Patrick W.Gilmore <patrick@ianai.net>
From: Patrick W.Gilmore <patrick@ianai.net>
Date: Mon, 19 Apr 2004 00:03:29 -0400
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Apr 18, 2004, at 11:40 PM, Matt Hess wrote:
> <late-night-humor>
> I was amused at this and decided to look real quick.. OpenBSD's pf can
> block on OS fingerprints.. effectively doing exactly what you are
> kidding about (at least I'd hope so.. well, maybe) even in the man
> page example they put:
>
> # Do not allow Windows 9x SMTP connections since they are typically
> # a viral worm. Alternately we could limit these OSes to 1 connection
> each.
> block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"}
> \
> to any port smtp
>
> The OS fingerprint list they have is rather extensive..
> </late-night-humor>
Ya know, I do not think that is such a bad idea.
Does anyone have any stats on the number of "real" MTAs that use Win9x?
Or of the "real" MTAs that show up as Win9x on this fingerprint?
--
TTFN,
patrick
