[Samba] want to ban XP Home Edition

Malcolm Baldridge google at paypc.com
Wed Jun 30 01:16:41 GMT 2004

> Just for sake of curiosity:
> Is that possible ? 
> I'd like to support XP Pro *only* and to ban any other Windows OS 

There are some very advanced networking stacks which allow you to specify
filtering based on TCP fingerprints.  OpenBSD does, for example.

I don't know if XP Home and XP Pro have different enough fingerprints to
allow a reliable discrimination between them.

This is a puzzling request, though.  I am assuming that these unwanted hosts
can change their ip#, thus evading firewall/smb.conf based access lists.

It's easier to distinguish between XP versus 2000 versus 95, 98, Me, and
NT4, etc.  Those have rather different fingerprints.

If you don't use OpenBSD, I suppose you could make use of nmap to perform a
quick on-the-fly OS fingerprint and then pull up a firewall against that
ip#, thus blocking the unwanted user(s).

It seems to me that it'd be simpler to just allow access only from certain
domains, etc.


More information about the samba mailing list