Hi, can I deny the access to my server for a specific OS? I have one
PC which I want to give it acces from winxp, but if it’s boot into
ubuntu I want to deny all access to my server, same IP, same ethernet card
VampirD
Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
> Hi, can I deny the access to my server for a specific OS? I have one
> PC which I want to give it acces from winxp, but if it’s boot into
> ubuntu I want to deny all access to my server, same IP, same ethernet card
>
What about giving two differnet ip adresses to the machine in ubuntu and
winxp and allow access from one ip and not from the other?
–
openSUSE 11.2 64 bit | Intel Core2 Quad Q8300@2.50GHz | Gnome 2.28 | GeForce
9600 GT | 4GB Ram
openSUSE 11.3 64 bit | Intel Core2 Duo T9300@2.50GHz | Gnome 2.30 | Quadro
FX 3600M | 4GB Ram
Since the server has no knowledge about the operating system on the client
which wants to have access (btw what do you mean by “access”, file sharing,
ssh, cups ???), if you don’t want to use two adresses (you do not state if
this is a description of the status quo and subject to change or an
essential requirement) use certificates.
–
openSUSE 11.2 64 bit | Intel Core2 Quad Q8300@2.50GHz | Gnome 2.28 | GeForce
9600 GT | 4GB Ram
openSUSE 11.3 64 bit | Intel Core2 Duo T9300@2.50GHz | Gnome 2.30 | Quadro
FX 3600M | 4GB Ram
This sounds strange… if I understand you correctly you want something
to be able to access windows but not Ubuntu on the same box when you
reboot. If that’s the case then the firewall of each OS will protect each
OS and not the other. Open windows and close Ubuntu.
If, however, you want a remote box to restrict access to itself based on
the clients, think about that one a little more. What is going to tell
the server which OS the client is? The client of course. What if the
client lies? If that is the case the server can do nothing about it.
Security should be the same in either case; don’t trust the client because
of its OS when it’s internal to your network any more than when it’s
coming at you from the Internet. What you’re proposing is, by definition,
security by obscurity, which is the weakest form of security (assuming
it’s counted as security at all).
Good luck.
On 08/26/2010 10:52 AM, VampirD wrote:
> Hi, can I deny the access to my server for a specific OS? I have one
> PC which I want to give it acces from winxp, but if it’s boot into
> ubuntu I want to deny all access to my server, same IP, same ethernet card
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Just as I think, I hate when normal user have boss permission to
install pc and then they play with the server
VampirD
Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
On 2010-08-26 19:35, VampirD wrote:
> Just as I think, I hate when normal user have boss permission to
> install pc and then they play with the server
The only way would be track that computer with a tool that attempts to connect to it, tracking its
responses to attempt guessing what OS is behind. For example, with nmap, and a script you have to
design yourself.
In windows I have seen tools that guess the OS of each machine on a network, even telling you the
level of patching the windows machines have, and what vulnerabilities they have (un)covered. I
suppose that tool will also report if a machine change operating system. I don’t remember the name
of that tool… :-?
In linux there is “ntop”, which does also some guessing of the OS in the network, but only
listening. And there is nmap, of course.
Machines often do broadcasts. Probably they can also be tracked. Samba, cups…
In any case, it is quite more complicated than a firewall.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))
> On 2010-08-26 19:35, VampirD wrote:
>> Just as I think, I hate when normal user have boss permission to
>> install pc and then they play with the server
>
> The only way would be track that computer with a tool that attempts to
> connect to it, tracking its responses to attempt guessing what OS is
> behind. For example, with nmap, and a script you have to design
> yourself.
>
> In windows I have seen tools that guess the OS of each machine on a
> network, even telling you the level of patching the windows machines
> have, and what vulnerabilities they have (un)covered. I suppose that
> tool will also report if a machine change operating system. I don’t
> remember the name of that tool… :-?
On 2010-08-29 11:52, Per Jessen wrote:
> Carlos E. R. wrote:
>> In windows I have seen tools that guess the OS of each machine on a
>> network, even telling you the level of patching the windows machines
>> have, and what vulnerabilities they have (un)covered. I suppose that
>> tool will also report if a machine change operating system. I don’t
>> remember the name of that tool… :-?
>
> Maybe p0f ?
I vaguely remember a longer name, but it could be. I just had a look on wikipedia and it sounds like
it. There is a linux version, too, they say - but webpin doesn’t find it.
Mmm… the one I saw also learnt the patching level of the windows machines, and active
vulnerabilities available (!). I doubt p0f does that, as it may need some active poking :-?
Is it a GUI? The one I saw certainly was.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))
> On 2010-08-29 11:52, Per Jessen wrote:
>> Carlos E. R. wrote:
>
>
>>> In windows I have seen tools that guess the OS of each machine on a
>>> network, even telling you the level of patching the windows machines
>>> have, and what vulnerabilities they have (un)covered. I suppose that
>>> tool will also report if a machine change operating system. I don’t
>>> remember the name of that tool… :-?
>>
>> Maybe p0f ?
>
> I vaguely remember a longer name, but it could be. I just had a look
> on wikipedia and it sounds like it. There is a linux version, too,
> they say - but webpin doesn’t find it.
There is, I’ve got it.
> Mmm… the one I saw also learnt the patching level of the windows
> machines, and active vulnerabilities available (!). I doubt p0f does
> that, as it may need some active poking :-?