Full Disclosure mailing list archives
Re: Re: [tool] the new p0f 2.0.1 is now out
From: Michal Zalewski <lcamtuf () ghettot org>
Date: Fri, 5 Sep 2003 10:10:10 +0200 (CEST)
On Thu, 4 Sep 2003, morning_wood wrote:
i have used .. Archaeopteryx v.1.0 Copyright C 1999-2001, Sektor:Security Archaeopteryx is a Passive mode OS Identification Tool.
Siphon (on which this tool is, err, 'based', so to speak) was a very simple proof of concept utility. Neither Siphon, nor many other commercial and non-commercial passive OS fingerprinters (standalone or built-in), ever evolved past the point of checking DF and window size, and are hardly kept up to date, with a handful of vague signatures. P0f checks a total of over 20 packet characteristics, detects many complex dependencies (such as wss-mss correlation, a common practice nowadays) and is capable of recognizing the effects of certain network configurations and so on, is way more suited to work in a production system, etc. It is far superior to other implementations I am aware of. So there is no big deal, but the tool is an advance in this field, I believe, and is the only seriously maintained and extended implementation in the open-source area (and probably in the closed-source world, too)... live with it ;-) -- ------------------------- bash$ :(){ :|:&};: -- Michal Zalewski * [http://lcamtuf.coredump.cx] Did you know that clones never use mirrors? --------------------------- 2003-09-05 09:52 -- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [tool] the new p0f 2.0.1 is now out, (continued)
- Re: [tool] the new p0f 2.0.1 is now out thetic (Sep 04)
- Re: [tool] the new p0f 2.0.1 is now out Daniel Bartlett (Sep 04)
- Re: Re: [tool] the new p0f 2.0.1 is now out Andreas Gietl (Sep 04)
- RE: Re: [tool] the new p0f 2.0.1 is now out Matt Barrie (Sep 04)
- RE: Re: [tool] the new p0f 2.0.1 is now out Michal Zalewski (Sep 04)
- Re: Re: [tool] the new p0f 2.0.1 is now out simon (www.snosoft.com) (Sep 04)
- Re: Re: [tool] the new p0f 2.0.1 is now out SPAM (Sep 04)
- Re: Re: [tool] the new p0f 2.0.1 is now out Thor Larholm (Sep 04)
- Re: Re: [tool] the new p0f 2.0.1 is now out Robert Jaroszuk (Sep 04)
- Re: Re: [tool] the new p0f 2.0.1 is now out morning_wood (Sep 04)
- Re: Re: [tool] the new p0f 2.0.1 is now out Michal Zalewski (Sep 05)
- Re: [tool] the new p0f 2.0.1 is now out thetic (Sep 04)
- RE: Re: [tool] the new p0f 2.0.1 is now out Michal Zalewski (Sep 04)
- Re: [tool] the new p0f 2.0.1 is now out Ron DuFresne (Sep 07)