summaryrefslogtreecommitdiff
path: root/share/man/man5/pf.conf.5
diff options
context:
space:
mode:
authorDavid Krause <david@cvs.openbsd.org>2003-08-22 04:54:14 +0000
committerDavid Krause <david@cvs.openbsd.org>2003-08-22 04:54:14 +0000
commit77f644f737032f40ad5278aa8f84788e68191d70 (patch)
tree8a3894dc2c175ac7f036810c5f476aa25f452695 /share/man/man5/pf.conf.5
parente4bec66c02e6b996b279ae565e4073da187f1eec (diff)
spelling
Diffstat (limited to 'share/man/man5/pf.conf.5')
-rw-r--r--share/man/man5/pf.conf.58
1 files changed, 4 insertions, 4 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 8f9ac54d041..76bc0eda7bf 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.264 2003/08/21 19:12:59 frantzen Exp $
+.\" $OpenBSD: pf.conf.5,v 1.265 2003/08/22 04:54:13 david Exp $
.\"
.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
@@ -1740,7 +1740,7 @@ pass in proto tcp from any to any \e
.Sh OPERATING SYSTEM FINGERPRINTING
Passive OS Fingerprinting is a mechanism to inspect nuances of a TCP
connection's initial SYN packet and guess at the host's operating system.
-Unfortunately these nuaces are easily spoofed by an attacker so the
+Unfortunately these nuances are easily spoofed by an attacker so the
fingerprint is not useful in making security decisions.
But the fingerprint is typically accurate enough to make policy decisions
upon.
@@ -1768,7 +1768,7 @@ size and would be specified like
.Pp
Fingerprints for most popular operating systems are provided by
.Xr pf.os 5 .
-Once
+Once
.Xr pf 4
is running, a complete list of known operating system fingerprints may
be listed by running:
@@ -1798,7 +1798,7 @@ pass on lo0 proto tcp from any os "OpenBSD 3.3 lo0" keep state
.Pp
Operating system fingerprinting is limited only to the TCP SYN packet.
This means that it will not work on other protocols and will not match
-a curretly established connection.
+a currently established connection.
.Pp
Caveat: operating system fingerprints are occasionally wrong.
There are three problems: an attacker can trivially craft his packets to