App Control Use Cases
SonicOS 5.8.1 Administrator Guide
The hexadecimal data can be exported to a text file for trimming off the packet header,
unneeded or variable parts and spaces. The relevant portion here is “Microsoft… reserved.”
You can use the Wireshark hexadecimal payload export capability for this. For information
about Wireshark, see “Wireshark” on page 674.
Creating a Match Object
The following hexadecimal characters are entered as the object content of the match object
representing the Vista command prompt banner:
4D6963726F736F66742057696E646F7773205B56657273696F6E20362E302E363030305D0
D0A436F70797269676874202863292032303036204D6963726F736F667420436F72706F7261
74696F6E2E
Note that fingerprint export and the match object definition do not really need to use
hexadecimal notation here (the actual signature is ASCII text in this case). Hexadecimal is only
required for binary signatures.
Similar entries are obtained in the same manner from Windows 2000 and Windows XP hosts
and used to create other match objects, resulting in the three match objects shown below:
Other examples for Windows Server 2003 or any other Windows version may be easily
obtained using the described method.
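The export, trim and convert steps described above, as an added Python example (not part of the SonicOS guide or any SonicWall tooling). It strips spaces and line breaks from a hex export, cuts the capture down to the stable banner span, and emits the hexadecimal object content. The 54 zero bytes standing in for packet headers, the trailing prompt path and all function names are constructed for illustration.

```python
import re
import string

# Banner text that the Vista match object content encodes (CRLF between lines).
VISTA_BANNER = (b"Microsoft Windows [Version 6.0.6000]\r\n"
                b"Copyright (c) 2006 Microsoft Corporation.")
# Constructed payload: the banner followed by variable data (prompt path).
SHELL_PAYLOAD = VISTA_BANNER + b"  All rights reserved.\r\n\r\nC:\\Users\\test>"
# Constructed capture: 54 placeholder bytes stand in for the packet headers.
CAPTURED = b"\x00" * 54 + SHELL_PAYLOAD

def hex_export(data: bytes, width: int = 16) -> str:
    """Render bytes as space-separated hex rows (constructed stand-in for an export)."""
    rows = [data[i:i + width] for i in range(0, len(data), width)]
    return "\n".join(" ".join(f"{b:02x}" for b in row) for row in rows)

def parse_export(text: str) -> bytes:
    """Strip spaces and line breaks from exported hex and decode it."""
    digits = re.sub(r"\s+", "", text)
    if len(digits) % 2 or re.search(r"[^0-9A-Fa-f]", digits):
        raise ValueError("export is not clean hexadecimal")
    return bytes.fromhex(digits)

def trim_signature(packet: bytes, start: bytes, end: bytes) -> bytes:
    """Keep the stable span from start through end; drop headers and variable data."""
    i = packet.index(start)
    j = packet.index(end, i) + len(end)
    return packet[i:j]

def object_content(sig: bytes) -> dict:
    """Hex content for the match object, plus whether the signature is plain text."""
    text_bytes = set(string.printable.encode())
    return {"hex": sig.hex().upper(), "is_text": all(b in text_bytes for b in sig)}

def matches(payload: bytes, content_hex: str) -> bool:
    """Test whether a payload contains the byte pattern the hex content encodes."""
    return bytes.fromhex(content_hex) in payload

def build_vista_object() -> dict:
    packet = parse_export(hex_export(CAPTURED))
    return object_content(trim_signature(packet, b"Microsoft Windows", b"Corporation."))

if __name__ == "__main__":
    obj = build_vista_object()
    print(obj["hex"])
    print("plain text would suffice:", obj["is_text"])
    print("shell payload matches:", matches(SHELL_PAYLOAD, obj["hex"]))
```

The `is_text` flag reflects the note above: a signature made only of text bytes could be entered without hexadecimal notation, while any other byte value forces hex.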
Linux/Unix administrators will need to customize the environment variable that defines the
default shell prompt in order to take advantage of this signature-based defense, as the default
prompt is typically not sufficiently specific or unique to be used as described above.