Doing something with OS fingerprint?

Jochen Bern Jochen.Bern at binect.de
Mon Feb 22 20:54:06 AEDT 2021


On 21.02.21 06:37, Stef Bon wrote:
> Hi,
> 
> in the iptables subsystem of Linux it's possible to get the
> fingerprint of the peer OS.
> See:
> 
> man iptables-extensions
> under osf
> 
> If this information is available it's possible to adjust behaviour (a
> little) to meet the peer's flaws and maybe bugs. Have you ever thought
> about that?

My - admittedly first ever - thoughts on that:

-- Doesn't OpenSSH already parse the peer's Hello String for that
   purpose?
-- (The possibility of SSH software other than the OS default being
   installed has already been mentioned)
-- osf can also differ from defaults (own fingerprint files being
   loaded, --ttl param etc.)
-- Just because the kernel('s iptables implementation) has that info
   doesn't mean that ssh(d) can easily get it
-- Not to forget non-Linux systems ...

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
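
An added example, not part of the original message and not OpenSSH's code: a minimal C sketch of picking per-peer workarounds from the SSH identification string (the "Hello String") as laid out in RFC 4253 section 4.2. The flag names, the pattern table and the `ExampleSSH` banners are constructed for illustration; the banner is self-reported by the peer's SSH software and is independent of what an OS fingerprint would say.

```c
#include <fnmatch.h>
#include <string.h>

/* Hypothetical quirk flags for this example; not OpenSSH's own values. */
#define QUIRK_NONE     0x0u
#define QUIRK_OLD_KEX  0x1u
#define QUIRK_NO_REKEY 0x2u

/* Constructed table: glob patterns matched against softwareversion. */
static const struct { const char *pat; unsigned flags; } quirks[] = {
    { "ExampleSSH_1.*", QUIRK_OLD_KEX | QUIRK_NO_REKEY },
    { "ExampleSSH_2.*", QUIRK_NO_REKEY },
};

/*
 * Parse "SSH-protoversion-softwareversion[ SP comments] CR LF"
 * (RFC 4253, section 4.2). Copies softwareversion into sw.
 * Returns 0 on success, -1 if the line is not a usable banner.
 */
int parse_banner(const char *line, char *sw, size_t swlen)
{
    const char *p;
    size_t n;
    if (strncmp(line, "SSH-", 4) != 0)
        return -1;
    p = strchr(line + 4, '-');      /* dash that ends protoversion */
    if (p == NULL || p == line + 4)
        return -1;                  /* missing or empty protoversion */
    p++;
    n = strcspn(p, " \r\n");        /* stop before comments / line end */
    if (n == 0 || n >= swlen)
        return -1;                  /* empty or oversized softwareversion */
    memcpy(sw, p, n);
    sw[n] = '\0';
    return 0;
}

/* Quirk flags for a peer banner; QUIRK_NONE if unknown or malformed. */
unsigned banner_quirks(const char *line)
{
    char sw[256];
    size_t i;
    if (parse_banner(line, sw, sizeof(sw)) != 0)
        return QUIRK_NONE;
    for (i = 0; i < sizeof(quirks) / sizeof(quirks[0]); i++)
        if (fnmatch(quirks[i].pat, sw, 0) == 0)
            return quirks[i].flags;   /* first matching entry wins */
    return QUIRK_NONE;
}
```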
