Filtering OS Fingerprints

Source OS only
Looks at initial TCP packet
Based on p0f, by lcamtuf@coredump.cx
Can filter by general OS or specific version/patchlevel
Can be spoofed
A policy tool, not a security tool
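How matching on the initial TCP packet can work, as an added example (not code from this slide, from p0f, or from any filter built on it): it reads the window size, TTL, DF bit and TCP option layout from an IPv4 SYN and looks them up in a table. The choice of fields, the signature entries and labels, and the sample packets are constructed assumptions for illustration.

```python
import struct

# Constructed signature table for illustration; not entries from p0f's database.
# Key: (TCP window, guessed initial TTL, IP DF bit, TCP option layout)
SIGNATURES = {
    (16384, 64, True, "mss,nop,nop,sok"): "example-os-A",
    (65535, 128, True, "mss,nop,ws,nop,nop,sok"): "example-os-B",
}
OPT_NAMES = {2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def syn_fingerprint(pkt):
    """Return the fingerprint tuple of an IPv4 TCP SYN, or None if pkt is not one."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    if ihl < 20 or len(tcp) < 20 or tcp[13] & 0x12 != 0x02:  # SYN without ACK
        return None
    df = bool(struct.unpack("!H", pkt[6:8])[0] & 0x4000)
    initial_ttl = next(t for t in (32, 64, 128, 255) if pkt[8] <= t)
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, layout, i = tcp[20:(tcp[12] >> 4) * 4], [], 0
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the option list
        if opts[i] == 1:                         # kind 1 is NOP, a single byte
            layout.append("nop")
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                          # malformed option length
        layout.append(OPT_NAMES.get(opts[i], "?%d" % opts[i]))
        i += opts[i + 1]
    return (window, initial_ttl, df, ",".join(layout))

def classify(pkt):
    """Label a packet from the table; None means it is not an initial SYN."""
    fp = syn_fingerprint(pkt)
    return None if fp is None else SIGNATURES.get(fp, "unknown")

def build_syn(window, ttl, df, options, flags=0x02):
    """Constructed sample input: minimal IPv4+TCP packet, checksums left as zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0,
                      (5 + len(options) // 4) << 4, flags, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0,
                     0x4000 if df else 0, ttl, 6, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
    return ip + tcp

# Every matched field is chosen by the sender, so the label is only a claim.
SYN_A = build_syn(16384, 57, True, bytes.fromhex("020405b401010402"))
SYN_B = build_syn(65535, 120, True, bytes.fromhex("020405b40103030601010402"))
SYN_ACK = build_syn(65535, 120, True, b"", flags=0x12)
```

Only the first packet of a connection is inspected, and a SYN whose fields match no entry comes back as "unknown", so a rule built on the label needs a defined outcome for that case as well.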