Re: [tool] the new p0f 2.0.1 is now out

[Ron DuFresne <dufresne () winternet com>]

On Fri, 5 Sep 2003, Peter van den Heuvel wrote:

> Hi,
>
> UDP port 53 gets queried on several of the firewalls that I maintain
> (and that do not provide any domain name services) from netblocks that
> are owned by microsoft and realmedia (mostly). None of the machines
> behind these firewalls are allowed any external DNS directly. The
> queries are rather massive (thousands per week).
>
> Searches on google did not turn up anything and I don't remember seeing
> anything on the lists either (though I migh have prematurely deleted
> something relevant because of the noise ;^)
>
> It does not realy hurt us, but I'm still quite curious what this
> actually is. Anybody got a pointer?


Marcus Ranum did a writeup on this tool an issue or two back in the
information security mag;

http://infosecuritymag.techtarget.com/2003/jun/cooltools.shtml

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html