Educause Security Discussion mailing list archives

anyone using p0f on a large scale?


From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Tue, 16 Nov 2010 21:24:06 +1300

Hi
I am toying with the idea of running p0f on my network sensors and feeding all the data back to a single db.  

I was wondering if anyone is doing this already or has tried and given up?

I have tried to find out about how often updates are made (reading p0f.c) but have not reached any conclusions and don't want to spend too much time on this.

In the longer term I want to supplement the database with a table of ports that we see data going to (i.e. listening ports) at least in some ranges. Or have something smart enough to detect and tag p2p traffic...

Cheers


Russell Fulton

Information Security Officer, The University of Auckland
New Zealand

