Re: [exim] OS Fingerprint Email

Author: Ian Eiloart
Date:  
To: Kelley Reynolds, Exim Mailing List
Subject: Re: [exim] OS Fingerprint Email


--On 19 June 2006 10:23:38 +0100 Ian Eiloart <iane@???> wrote:

>
>
> --On 17 June 2006 19:18:14 -0400 Kelley Reynolds
> <kelley@???> wrote:
>
>> For those of you interested, I've outlined a method for OS
>> Fingerprinting E-mail using FreeBSD and PF .. the details can be found
>> at
>>
>> http://blog.insidesystems.net/articles/2006/06/06/OS-Fingerprinting-
>> Email
>>
>
> Er, that's:
>
>

<http://blog.insidesystems.net/articles/2006/06/06/OS-Fingerprinting-Email>

And, it isn't terribly exciting. The most important fact here is that you
can't obtain a fingerprint for 70% of incoming mail, and most of the rest
identifies as from AIX hosts.

Oh, yes, Contiki is an operating system: <http://www.sics.se/~adam/contiki/>

One question that the article looks at is whether much of our spam comes
from "networks of infected zombie Windows machines", but it doesn't seem to
look at the question of whether the OS identified is that of the
originating host, or some ISP router or NAT host. I don't know enough about
routing to make a guess about that.


> --
> Ian Eiloart
> IT Services, University of Sussex




--
Ian Eiloart
IT Services, University of Sussex