PfSense OS Fingerprint

  • Hello,

    I have a pfSense router setup on a College Campus, in order to consolidate all of my traffic down to one IP address. Yes, I have permission to do this, even as a student (working in the department has it's perks). So my school uses Aruba Clearpass with 802.1x auth on the LAN, and I was able to get it to connect using my username and password in wpa_supplicant, all is fine in that regard. However, for all (other) devices, we are able to see device information within Clearpass (like the device type, OS Family and name, etc), but with pfSense, everything is listed as 'unknown.' From what I have found, this is due to DHCP fingerprinting and HTTP header analysis. Is there a way to spoof the fingerprint of the pfSense machine to report that it is a Windows client instead of being unknown? The reason I would want to do this is to mask the type of device it is, as soon we are about to enforce a policy where if it is an 'unknown' device, it will be rejected.

  • LAYER 8 Global Moderator

    Is it most likely looking at options 60 and 61 in the dhcp… I would have to do a sniff I don't think pfsense prob sends that?  Or if they do its not in the known lists of your aruba stuff.  Maybe you can an option there?

    They added some options in the gui to manipulate some setting for the dhcp.. If you click the advanced you might be able to setup the options you want to send so that pfsense is identified as what you want..

Log in to reply