2012-09-10 02:21:46 UTC
There are some passive OS fingerprinting implementations;
p0f v3 (http://lcamtuf.coredump.cx/p0f3/) is one of them, and it
is light-weight and gives a very quick response in my environment.
I don't know the detailed history of this app, but there is
a simple API for utilizing information about the other end's OS.
Many experiences show that possible bot machines run 'Doze OS,
and if we can identify that, we could reduce the cost of checking.
I know that Microsoft themselves run such an OS in their
service environment, so we should be careful about the results
of p0f, and we might fine-tune fingerprints for a while.
I also know that there are some implementations as a milter or
policy daemon utilizing p0f. I think that, given p0f's quickness
and its standpoint of connection checking, there is good reason
to make it work together with postscreen.
Attached is a patch against postscreen implementing an I/F to the
p0f daemon, and doing DROP/ENFORCE/IGNORE as with the other
checking methods. (diff to postfix-2.10-20120902)
If you would like to test, you must get/compile/install p0f
first as instructed in
I set it up on a Linux machine with a local unix socket; it works
very fast, like memcached.
If you install p0f, don't forget to send chocolate to the author ;-p
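As an added example (not the patch from the post, and not p0f's or Postfix's own code), here is the client side of the p0f v3 API written as a postscreen-style check: it packs a query for a client IP, reads the daemon's reply over the local unix socket, and maps the fingerprinted OS to an ignore/enforce/drop action. The struct layouts follow p0f v3's api.h as I recall them (check them against your installed version); the socket path and the OS-to-action table are assumptions standing in for a site policy.

```python
"""Query a p0f v3 daemon over its API socket and map the result to a
postscreen-style action (ignore / enforce / drop).

Constructed example, not the patch from the mailing-list post. Struct
layouts follow p0f v3's api.h as I recall it (query: u32 magic, u8
addr_type, u8 addr[16]; response: u32 magic, u32 status, seven u32
counters, s16 distance, two u8 flags, six 32-byte strings), so verify
them against your p0f version. OS_ACTIONS is a hypothetical policy.
"""
import ipaddress
import socket
import struct
from dataclasses import dataclass

P0F_QUERY_MAGIC = 0x50304601
P0F_RESP_MAGIC = 0x50304602
P0F_STATUS_BADQUERY = 0x00
P0F_STATUS_OK = 0x10
P0F_STATUS_NOMATCH = 0x20
P0F_ADDR_IPV4 = 0x04
P0F_ADDR_IPV6 = 0x06

# Packed structs in native byte order ("=": no alignment padding).
QUERY_FMT = "=IB16s"                          # 21 bytes
RESP_FMT = "=IIIIIIIIIhBB32s32s32s32s32s32s"  # 232 bytes
RESP_LEN = struct.calcsize(RESP_FMT)


def build_query(ip: str) -> bytes:
    """Encode a p0f API query for an IPv4 or IPv6 client address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # IPv4 occupies the first 4 bytes of addr[16]; the rest is zero.
        return struct.pack(QUERY_FMT, P0F_QUERY_MAGIC, P0F_ADDR_IPV4,
                           addr.packed.ljust(16, b"\0"))
    return struct.pack(QUERY_FMT, P0F_QUERY_MAGIC, P0F_ADDR_IPV6, addr.packed)


@dataclass
class P0fResult:
    status: int
    os_name: str
    os_flavor: str
    distance: int     # estimated hop distance (-1 when unknown)
    total_conn: int   # connections p0f has seen from this host


def _cstr(raw: bytes) -> str:
    """Decode a NUL-terminated fixed-width string from the response."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_response(data: bytes) -> P0fResult:
    """Validate and decode a 232-byte p0f API response."""
    if len(data) != RESP_LEN:
        raise ValueError(f"short p0f response: {len(data)} bytes")
    f = struct.unpack(RESP_FMT, data)
    if f[0] != P0F_RESP_MAGIC:
        raise ValueError("bad p0f response magic")
    # f[1]=status f[4]=total_conn f[9]=distance f[12]=os_name f[13]=os_flavor
    return P0fResult(status=f[1], os_name=_cstr(f[12]), os_flavor=_cstr(f[13]),
                     distance=f[9], total_conn=f[4])


# Hypothetical site policy, modelled on postscreen's ignore/enforce/drop.
# "enforce" rather than "drop" for Windows, because legitimate senders
# (the post names Microsoft's own service environment) run it too.
OS_ACTIONS = {
    "Windows": "enforce",
    "Linux": "ignore",
    "FreeBSD": "ignore",
}


def decide_action(result: P0fResult, default: str = "ignore") -> str:
    """Map a fingerprint to an action; no match defers to other checks."""
    if result.status != P0F_STATUS_OK:
        return default
    return OS_ACTIONS.get(result.os_name, default)


def query_p0f(ip: str, socket_path: str = "/var/run/p0f.sock",
              timeout: float = 1.0) -> P0fResult:
    """Ask a live p0f daemon about ip (socket_path is an assumed default)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(build_query(ip))
        buf = b""
        while len(buf) < RESP_LEN:
            chunk = s.recv(RESP_LEN - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_response(buf)


def make_sample_response(status, os_name=b"", os_flavor=b"",
                         distance=0, total_conn=0) -> bytes:
    """Constructed response bytes so the parser can be exercised offline."""
    blank = b"\0" * 32
    return struct.pack(RESP_FMT, P0F_RESP_MAGIC, status, 0, 0, total_conn,
                       0, 0, 0, 0, distance, 0, 0, os_name, os_flavor,
                       blank, blank, blank, blank)


if __name__ == "__main__":
    # Offline demonstration on a constructed reply; swap in query_p0f(ip)
    # when a daemon is listening on the socket.
    sample = make_sample_response(P0F_STATUS_OK, b"Windows", b"XP",
                                  distance=12, total_conn=3)
    res = parse_response(sample)
    print(res, "->", decide_action(res))
```

The read loop matters in practice: a unix-socket read may return fewer than 232 bytes, and a truncated reply must fail closed to "no fingerprint" rather than be decoded with the fields shifted. A NOMATCH or BADQUERY status falls back to the default action so the other postscreen tests still apply.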