Passive OS fingerprint, smartphone detection

I recently started a service that allows smartphone users to connect to one of my networks over PPTP to hide their origins. To ensure users are not trying to use the service on computers, I figured some passive OS fingerprinting would be in place.

p0f -i ppp0
p0f - passive os fingerprinting utility, version 2.0.8
(C) M. Zalewski , W. Stearns
p0f: listening (SYN) on 'ppp0', 262 sigs (14 generic, cksum 0F1F5CA2), rule: 'all'.

# Iphone 3GS, iOS 4.1
10.100.200.100:52900 - UNKNOWN [65535:64:1:64:M1404,N,W2,N,N,T,S,E:P:?:?] (up: 121 hrs)
-> 1.2.3.4:80 (link: unknown-1444).

# android 2.2, HTC Desire
10.100.200.100:48885 - UNKNOWN [S44:64:1:60:M1356,S,T,N,W1:.:?:?] (NAT!) (up: 3 hrs)
-> 1.2.3.4:80 (link: unknown-1396)

syslog-ng by example

1) make sure udp listener is on
netstat -anop|grep 514

2) If not, add udp(); as source to syslog-ng.conf

# udp source
source s_udp {
udp();
};

3) create a destination
destination d_name { file("/var/log/file.log"); };

4) create a filter
filter f_name {
host("192.168.123.123")
and facility(auth,authpriv);
};

5) Create the logging for the filter to the destination
log {
source(s_udp);
filter(f_name);
destination(d_name);
};

Do add the remote logging on the servers, if needed tcpdump on the syslog-ng server to verify that log entries come in.