[Samba] want to ban XP Home Edition
Malcolm Baldridge
google at paypc.com
Wed Jun 30 01:16:41 GMT 2004
> Just for sake of curiosity:
>
> Is that possible ?
> I'd like to support XP Pro *only* and to ban any other Windows OS
There are some very advanced networking stacks which allow you to specify
filtering based on TCP fingerprints. OpenBSD does, for example.
I don't know if XP Home and XP Pro have different enough fingerprints to
allow a reliable discrimination between them.
This is a puzzling request, though. I am assuming that these unwanted hosts
can change their ip#, thus evading firewall/smb.conf based access lists.
It's easier to distinguish between XP versus 2000 versus 95, 98, Me, and
NT4, etc. Those have rather different fingerprints.
If you don't use OpenBSD, I suppose you could make use of nmap to perform a
quick on-the-fly OS fingerprint and then pull up a firewall against that
ip#, thus blocking the unwanted user(s).
It seems to me that it'd be simpler to just allow access only from certain
domains, etc.
Malcolm
More information about the samba
mailing list