-
October 1st, 2003, 01:26 AM
#1
p0f 2.0.2
Hey Hey,
I haven't seen anything on this... So here's an update for y'all. I usually don't upgrade until I see something on here or packetstorm and figure some of ya are the same, so here's mention of it.
p0f v. 2.0.2 is available for download from http://lcamtuf.coredump.cx/p0f.shtml.
I received an email from the nmap-hackers mailing list regarding it and here's what Fyodor had to say.
I noticed that Michal Zalewski has released a new version of P0f to
include many more passive OS detection techniques. Although this is
very different than the active Nmap approach, many of the techniques
can easily apply to active probing. I have been discussing them with
Michal and will probably add several to Nmap along with a list of
other OS detection tests I have been keeping. In particular, the
closed-TCP-port reset tests would be valuable against hosts that have
no reachable open ports. The use of the URG pointer and the WSS to
MSS/MTU correlation also have strong potential. This probably won't
happen until 2004 though, after version detection has stabilized and
some other Nmap-related projects are finished.
Some info on the new release
Among other things, p0f v2 introduces SYN+ACK and RST+ support, advanced masquerade detection, major performance and reliability improvements, 16 new packet checks (many of them invented for p0f), a number of fingerprinting extensions (link detection, network detection, fw detection, ECN handling, source network detection, etc), a considerably more accurate and thought out OS database with wildcard support, service integration support, many usability features, some fairly important bug fixes.
I installed it on my home network and even with only a few captures, I'm already most impressed with its abilities. I'd have to say everyone check it out. There is also a Windows binary available on the website (as well as compile directions for Windows) but I have had some issues getting that version to run.
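The WSS to MSS/MTU correlation mentioned in Fyodor's note, as an added example that is not part of the original post and is not p0f's or Nmap's code: it reads the TTL, window size and MSS option from a captured SYN and reports whether the window is a multiple of the MSS or of the MTU. Assumptions: MTU is taken as MSS + 40, the `S<n>`/`T<n>` labels are this example's (modeled on p0f's signature notation), and the packet bytes are constructed by the hypothetical helper `build_syn`.

```python
import struct

def build_syn(ttl, wss, mss):
    """Constructed sample: IPv4 + TCP SYN with MSS, NOP, NOP, SACK-permitted."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, 0x02, wss, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(opts), 0,
                     0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp + opts

def parse_syn(pkt):
    """Return TTL, window size (WSS) and MSS from a raw IPv4/TCP packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    wss = struct.unpack("!H", tcp[14:16])[0]
    opts = tcp[20:(tcp[12] >> 4) * 4]
    mss, i = None, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):   # truncated option
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                # malformed length, stop parsing
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return {"ttl": pkt[8], "wss": wss, "mss": mss}

def window_class(wss, mss):
    """Label the window as a multiple of MSS (S), of MTU = MSS + 40 (T), or literal."""
    if mss and wss and wss % mss == 0:
        return f"S{wss // mss}"
    if mss and wss and wss % (mss + 40) == 0:
        return f"T{wss // (mss + 40)}"
    return str(wss)

if __name__ == "__main__":
    for ttl, wss, mss in [(64, 5840, 1460), (64, 6000, 1460), (128, 65535, 1460)]:
        f = parse_syn(build_syn(ttl, wss, mss))
        print(f, window_class(f["wss"], f["mss"]))
```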
-
October 1st, 2003, 05:28 AM
#2
Senior Member
downloading now.....
thanks
what are some of the issues with the windows binary?
-
October 1st, 2003, 05:35 AM
#3
It's more my computer's issues. I've had a heck of a time with WinPcap and DSL. It doesn't like the PPPoE and I think that was the issue more than anything.
-
October 1st, 2003, 06:11 AM
#4
Passive OS fingerprinting! w00t! I didn't know it could be done! My comp. security professor will have a field day with this. We should actually be able to use it from behind our school firewall!
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!