Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Re: [tool] the new p0f 2.0.1 is now out

From: "Parker, Jeff (MSE)" <jeff.t.parker () hp com>
Date: Thu, 4 Sep 2003 15:11:01 -0400
Umer,

Running p0f does not necessarily offer a stimulus/response test.

Regarding detecting a machine with p0f installed/running, you may have
better success simply trying to detect for any network adapter in
promiscuous mode.  And there's tons of info available on that...

HTH,
-jeff parker

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of thetic
Sent: Thursday, September 04, 2003 2:20 PM
To: Michal Zalewski; honeypots () securityfocus com;
pen-test () securityfocus com; focus-ids () securityfocus com;
sectools () securityfocus com
Cc: incidents () securityfocus com; bugtraq () securityfocus com;
full-disclosure () netsys com
Subject: [Full-disclosure] Re: [tool] the new p0f 2.0.1 is now out


Question concerning the the POF, how can we setup a IDS to detect a POF
scan.

umer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: