Educause Security Discussion mailing list archives
anyone using p0f on a large scale?
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Tue, 16 Nov 2010 21:24:06 +1300
Hi

I am toying with the idea of running p0f on my network sensors and feeding all the data back to a single db. I was wondering if anyone is doing this already or has tried and given up?

I have tried to find out about how often updates are made (reading p0f.c) but have not reached any conclusions and don't want to spend too much time on this.

In the longer term I want to supplement the data base with a table of ports that we see data going to (i.e. listening ports) at least in some ranges. Or have something smart enough to detect and tag p2p traffic...

Cheers

Russell Fulton
Information Security Officer, The University of Auckland
New Zealand