[69700] in North American Network Operators' Group
Re: Blocking Win95 hosts [WAS: Lazy network operators - NOT]
daemon@ATHENA.MIT.EDU (Matt Hess)
Mon Apr 19 01:29:12 2004
Date: Sun, 18 Apr 2004 23:28:32 -0600
From: Matt Hess <mhess@solarius.org>
To: nanog@merit.edu
In-Reply-To: <845B97CE-91B6-11D8-9048-000A9578BB58@ianai.net>
Errors-To: owner-nanog-outgoing@merit.edu
I think something like this would be best (safest?) used on collection
mx hosts.. hosts that clients would not connect with to send mail.. just
other servers delivering mail inward.. I personally can't imagine why
someone would want to use a win95/98/Me system as an MTA.. so this
probably would be a rather interesting idea worth testing out. If
nothing else the collateral in the above scenario would probably be very
low.

And of course the fingerprint list they have has quite a few systems
from aix to zaurus.
Patrick W.Gilmore wrote:
>
> On Apr 18, 2004, at 11:40 PM, Matt Hess wrote:
>
>> <late-night-humor>
>> I was amused at this and decided to look real quick.. OpenBSD's pf can
>> block on OS fingerprints.. effectively doing exactly what you are
>> kidding about (at least I'd hope so.. well, maybe) even in the man
>> page example they put:
>>
>> # Do not allow Windows 9x SMTP connections since they are typically
>> # a viral worm. Alternately we could limit these OSes to 1 connection
>> # each.
>> block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"} \
>>     to any port smtp
>>
>> The OS fingerprint list they have is rather extensive..
>> </late-night-humor>
>
>
> Ya know, I do not think that is such a bad idea.
>
> Does anyone have any stats on the number of "real" MTAs that use Win9x?
> Or of the "real" MTAs that show up as Win9x on this fingerprint?
>