
BLU Discuss list archive



Re: passive OS fingerprinting to assist spam detection



 On Sun, Jun 29, 2008 at 04:11:54PM -0400, Tom Metro wrote: 
> If you want to use this information in an application (like an MTA or   
> SMTP proxy), p0f caches information about recent connections in memory,   
> and provides a UNIX Domain socket interface that accepts queries   
> specifying a client address and port, and will return the fingerprint   
> info that matches that client connection. 
> 
> Another option is to use a firewall that integrates p0f. Available on   
> OpenBSD, or patches available for Linux netfilter. 
> 
>> I apply antispam rules that are much more strict when I see the 
>> machine on the other side of the TCP connection runs Windows. 
> 
> What are you using to integrate p0f with your MTA? 


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org