Hi Mark, > > I'm aware that it's possible to block OS's using their DHCP fingerprint. > > Ideally, I'd like to block OSX versions prior to 10.6 (Snow Leopard)
OSX DHCP fingerprints have been really uniform prior to Lion so you won't be able to differentiate between 10.6 and 10.5 (and maybe even back to 10.4). You would have to look in the snort direction. Maybe there's a policy rule from the emerging threats guys that could do it. Otherwise there is the User-Agent fingerprints but I don't think they are that granular at this point (and they are the easiest to spoof) and once you passed the portal, no longer relevant. Regards, -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
