On Wed, Oct 18, 2006 at 05:09:12PM +0200, ropers wrote:
> On 18/10/06, stuartv <[EMAIL PROTECTED]> wrote:
> >I have one firewall that is on an external audit/scan list that the people
> >who actually do our audits don't believe really even exists because they
> >can't even find it. Basically it has EVERYTHING locked down tight as a
> >drum and allows only a few things through to and from very specific places.
>
> Just a curious guess:
> Is that box a packet filtering bridge with two NICs and no IP
> addresses assigned?
>
> On a related note:
> Does anyone have an educated guess on whether it's possible to
> OS-fingerprint such bridges? (It shouldn't be, right?)
I can imagine that different OSes might react in different ways to
malformed packets; this could also apply to L2, and would likely be
noticeable on bridges using L3 filtering (i.e., pf).
Of course, this is not a practical answer.
Joachim