Andrew Court wrote:
> Thinking out loud, Nmap has an OS fingerprinting function using open
> ports. It needs at least one open and one closed port. Could he detect
> which port the request was made on, run an OS fingerprint scan with
> nmap, and if the result is probably a D-Link, deny it access?
> Obviously not all D-Links are affected so allow some through. Maybe
> just let 25% through regardless or something. Am I on a tea-trip or
> could this 'help'?
He actually addresses this (sort of):
"Filtering the D-Link packets requires inspection of fields which are
not simple to implement in Cisco routers, and in particular such
filtering seems to send all packets on the interface through the CPU
instead of fast switching, so ingress filtering the packets at the
ingress of AS1835 is totally out of the question."
It sounds like he has too much traffic and too little hardware for a
non-lightweight filtering solution.