OS fingerprint. Especially effective in many spoofed attacks. For example, Linux is a totally legitimate operating system, but are the 10,000 Linux-based connections to your JK2 server all that likely to be valid during a DDoS? I thought your typical DDoS botnet consists mainly of infected Windows ...