Custom App-ID for XP OS?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Custom App-ID for XP OS?

L0 Member

Has anyone written a Custom App-ID to identify XP OS, and more specifically browser based access.  I would like to identify any XP, but realize I may only be able to see via browser headers.

2 REPLIES 2

L0 Member

Scott,

This should be workable.  The "User-Agent" header, which is part of a HTTP stream would contain this data. Looks like XP will show as the following: 'Windows XP' => '(Windows NT 5.1)|(Windows XP)',

A little testing with WireShark and some web searches should get you on your way.  If you need additional help with your custom signature please reference our DevCenter via the link below. 

DevCenter

L3 Networker

As said before, User-Agent in HTTP Header is the only practical way to identify XP. Be aware that the User Agent may be faked.

By the way:

May be it is better to use Custom Vulnerability instead of Custom App.

This way you can identify the "Threat" XP 😉

If you use Custom App you will overwrite the whole App-Engine

which means all http Traffic will be identified as XP instead of facebook,google,youtube ......

Custom App and Custom Vulnerability work the same way when you define your own Signatures.

Regards

Marco

(edit)

There is already a sample in Dev Forum

Custom vulnerability signature for identifying Windows XP clients

  • 2008 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!