Honeypots mailing list archives

Passive Fingerprinting


From: "Gonzalez, Albert" <albert.gonzalez () eds com>
Date: Thu, 16 Jan 2003 10:38:15 -0500

I believe that passive fingerprinting is very useful; I just don't see
how useful it is to judge attackers' skills based on their OS. The paper
on Passive Fingerprinting[1] states the current limitation, and I'm sure
there are others. If I go ahead and change my default values in the
kernel, how will you be able to judge me if I make all the
characteristics look like a Windows 95 machine? If you're running
honeypots, you should judge them by what they did on your machine, and
even then you shouldn't judge them. I don't see the worth of this
project...

Cheers!


[1] - http://project.honeynet.org/papers/finger/

These views are strictly my own, and not those of my employer.

---
Alberto Gonzalez 
EDS - Global Security Operations Center 
Security and Privacy Professional Services 

