0

What do I need to learn/know to throttle a client's network based on his/her operating system?

For example:

  • Someone in my network using Kali Linux... I would like to throttle their traffic to trickle state. Is it possible to do this?
  • If it's possible, in what ways can the client spoof their OS, i.e. Kali Linux shows up as Windows XP (deterring OS scanning tools)?
Ali Ahmad
  • Why not just use MAC address? If you use a MAC address white-list and assign the guy a particular MAC, he won't be able to change it and you'll easily detect any activity from that computer. – Jeff-Inventor ChromeOS Aug 09 '14 at 23:41

1 Answer

1

It is possible to fingerprint the OS to some level, but you won't be able to differentiate Kali Linux from Ubuntu/Red Hat, or between some Windows versions.

On the other hand, detecting the behavior (e.g. a port scan) instead of the OS would be simpler.

If you are happy with the detection quality and don't mind some false positives, e.g. that your boss's new smartphone gets misidentified as a malicious OS, I would recommend using p0f.

Ángel
  • Thank you for your suggestion. I'll look into hand detecting. And as far as p0f goes, if you were sniffing around my network what tool would you use in order to change your OS identification to get around p0f? – user10975 Aug 10 '14 at 02:31
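
The behaviour-based detection suggested in the answer above, as an added example that is not part of the original posts: a sliding-window check that flags any source touching many distinct ports in a short time, regardless of which OS it reports. The event tuple format, the window and threshold values, and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample of inbound TCP SYNs: (timestamp_s, src_ip, dst_ip, dst_port).
SAMPLE_SYNS = (
    # ordinary client: a few connections to the same services
    [(0.0, "192.0.2.10", "192.0.2.1", 443),
     (1.5, "192.0.2.10", "192.0.2.1", 443),
     (2.0, "192.0.2.10", "192.0.2.2", 80)]
    # burst: 40 distinct ports on one host within two seconds
    + [(10.0 + i * 0.05, "192.0.2.66", "192.0.2.1", 20 + i) for i in range(40)]
    # many ports overall, but 10 s apart: stays under a 5 s window
    + [(100.0 + i * 10, "192.0.2.77", "192.0.2.1", 8000 + i) for i in range(30)]
)


def detect_port_scans(events, window=5.0, max_ports=15):
    """Return {src_ip: time_of_first_alert} for every source that contacts
    more than `max_ports` distinct (dst_ip, dst_port) targets within any
    `window`-second span. Threshold values are assumptions to tune."""
    recent = defaultdict(deque)                     # src -> (ts, target) in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> target -> hits in window
    alerts = {}
    for ts, src, dst, port in sorted(events):
        queue, seen = recent[src], counts[src]
        queue.append((ts, (dst, port)))
        seen[(dst, port)] += 1
        # Expire events that have fallen out of the window.
        while queue and ts - queue[0][0] > window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        # Repeated hits on one port count once; only distinct targets matter.
        if len(seen) > max_ports and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for src, when in detect_port_scans(SAMPLE_SYNS).items():
        print(f"{src} exceeded the distinct-port threshold at t={when:.2f}s")
```

The slow source in the sample is deliberately not flagged, which shows the trade-off of a short window: a longer window catches slower scans at the cost of more false positives on busy clients.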