I think something like this would be best (safest?) used on collection mx hosts.. hosts that clients would not connect with to send mail.. just other servers delivering mail inward.. I personally can't imagine why someone would want to use a win95/98/Me system as a mta.. so this probably would be a rather interesting idea worth testing out. If nothing else the collateral in the above scenario would probably be very low. And of course the fingerprint list they have has a quite a few systems from aix to zaurus. Patrick W.Gilmore wrote:
On Apr 18, 2004, at 11:40 PM, Matt Hess wrote:
<late-night-humor> I was amused at this and decided to look real quick.. OpenBSD's pf can block on OS fingerprints.. effectively doing exactly what you are kidding about (at least I'd hope so.. well, maybe) even in the man page example they put:
# Do not allow Windows 9x SMTP connections since they are typically # a viral worm. Alternately we could limit these OSes to 1 connection each. block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"} \ to any port smtp
The OS fingerprint list they have is rather extensive.. </late-night-humor>
Ya know, I do not think that is such a bad idea.
Does anyone have any stats on the number of "real" MTAs that use Win9x? Or of the "real" MTAs that show up as Win9x on this fingerprint?