p0f 2.0.2

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    p0f 2.0.2

    Hey Hey,

    I haven't seen anything on this... So here's an update for y'all. I usually don't upgrade until I see something on here or packetstorm and figure some of ya are the same, so here's mention of it.

    p0f v. 2.0.2 is available for download from http://lcamtuf.coredump.cx/p0f.shtml.

    I received an email from the nmap-hackers mailing list regarding it and here's what Fyodor had to say.

    I noticed that Michal Zalewski has released a new version of P0f to
    include many more passive OS detection techniques. Although this is
    very different than the active Nmap approach, many of the techniques
    can easily apply to active probing. I have been discussing them with
    Michal and will probably add several to Nmap along with a list of
    other OS detection tests I have been keeping. In particular, the
    closed-TCP-port reset tests would be valuable against hosts that have
    no reachable open ports. The use of the URG pointer and the WSS to
    MSS/MTU correlation also have strong potential. This probably won't
    happen until 2004 though, after version detection has stabilized and
    some other Nmap-related projects are finished.

    Some info on the new release

    Among other things, p0f v2 introduces SYN+ACK and RST+ support, advanced masquerade detection, major performance and reliability improvements, 16 new packet checks (many of them invented for p0f), a number of fingerprinting extensions (link detection, network detection, fw detection, ECN handling, source network detection, etc), a considerably more accurate and thought out OS database with wildcard support, service integration support, many usability features, some fairly important bug fixes.

    I installed it on my home network and even with only a few captures, I'm already most impressed with its abilities. I'd have to say everyone check it out. There is also a Windows binary available on the website (as well as compile directions for Windows) but I have had some issues getting that version to run.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Senior Member
    Join Date
    Sep 2003
    Posts
    156
    downloading now.....

    thanks

    what are some of the issues with the Windows binary?

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    It's more my computer's issues. I've had a heck of a time with WinPcap and DSL. It doesn't like the PPPoE and I think that was the issue more than anything.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Passive OS fingerprinting! w00t! I didn't know it could be done! My comp. security professor will have a field day with this. We should actually be able to use it from behind our school firewall!
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.
