Wednesday, December 8, 2010

Passive OS fingerprint, smartphone detection

I recently started a service that allows smartphone users to connect to one of my networks over PPTP to hide their origins. To ensure users are not trying to use the service on computers, I figured some passive OS fingerprinting would be in place.

p0f -i ppp0
p0f - passive os fingerprinting utility, version 2.0.8
(C) M. Zalewski , W. Stearns
p0f: listening (SYN) on 'ppp0', 262 sigs (14 generic, cksum 0F1F5CA2), rule: 'all'.

# Iphone 3GS, iOS 4.1
10.100.200.100:52900 - UNKNOWN [65535:64:1:64:M1404,N,W2,N,N,T,S,E:P:?:?] (up: 121 hrs)
-> 1.2.3.4:80 (link: unknown-1444).

# android 2.2, HTC Desire
10.100.200.100:48885 - UNKNOWN [S44:64:1:60:M1356,S,T,N,W1:.:?:?] (NAT!) (up: 3 hrs)
-> 1.2.3.4:80 (link: unknown-1396)