fingerprint – Host Fingerprinting

March 26, 2020

Passive OS fingerprinting is installed as part of the Policy Tools suite. This functionality yields information about inbound connections. For more information about installing the Policy Tools suite, see “Installing Additional Packages”.

The Host Fingerprint module performs passive OS fingerprinting on incoming SMTP connections and exposes the resulting information through a Sieve action.

Momentum version 3.3 uses version 2.0.8 of Passive OS fingerprinting.

Configuration

fingerprint "fingerprint1" {
  max_cache_size = 10000
}

max_cache_size

The max_cache_size option specifies the maximum size of the cache of common hosts. The default value for this option is 10000.

**Configuration Change.** This feature is available starting from Momentum 3.0.24.

Passive operating system fingerprinting runs as a daemon that Momentum communicates with over a socket, /tmp/p0fd. Start the daemon with the command /etc/init.d/msys-p0f start. The fingerprints are all included in the msys-p0f package and are located in /opt/msys/3rdParty/etc/p0f/. These fingerprints do not need to be modified.
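Because the daemon socket lives in /tmp, it is worth confirming after startup that /tmp/p0fd really is a live socket owned by the expected account. The following check is an added example, not part of Momentum or the msys-p0f package; the `expected_uid` parameter and the assumption that the daemon accepts stream connections are not stated on this page.

```python
import os
import socket
import stat
import sys

P0F_SOCKET = "/tmp/p0fd"  # socket path stated on this page


def check_p0f_socket(path=P0F_SOCKET, expected_uid=None, timeout=2.0):
    """Return a list of findings; an empty list means every check passed."""
    try:
        st = os.lstat(path)  # lstat: a symlink planted at the path must not pass
    except FileNotFoundError:
        return [f"{path} does not exist (daemon not started?)"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} exists but is not a Unix socket"]

    findings = []
    # expected_uid is an assumption supplied by the operator: the account the
    # daemon runs as on this host. The page does not name it.
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"{path} is owned by uid {st.st_uid}, expected {expected_uid}")

    # In a world-writable directory, only the sticky bit stops another local
    # user from removing and re-creating the socket.
    parent = os.stat(os.path.dirname(path) or ".")
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without the sticky bit")

    # A stale socket file survives a crashed daemon; confirm something listens.
    # Assumption: the daemon accepts stream connections on this socket.
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
    except OSError as exc:
        findings.append(f"nothing accepting connections on {path}: {exc}")
    finally:
        client.close()
    return findings


if __name__ == "__main__":
    results = check_p0f_socket()
    for line in results:
        print("FAIL:", line)
    sys.exit(1 if results else 0)
```

Run it from monitoring after /etc/init.d/msys-p0f start; a non-zero exit status means at least one check failed.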

Operational Example

The Host Fingerprint module exposes Sieve functionality, which is explained in ec_host_fingerprint.