Honeypots mailing list archives

p0f 2 call for improvements


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Fri, 15 Aug 2003 22:01:12 +0200 (CEST)


Hello list,

I decided to rewrite my old tool, p0f (passive os fingerprinter) - which
turned out to be a pretty successful development, and ended up in parts or
in whole in several IDSes, and sniffer solutions, and probably in a number
of homemade honeypots - and make it better and more precise.

Because there are a number of p0f users on this list, I'd like to ask for
any ideas, suggestions or improvements you might have. My current wish
list for version 2 is:

    - New modulo comparisons for maximum segment size and window size
      to eliminate multiple signatures for certain OSes,

    - Media type for the remote party's network is now reported, if
      available (MTU determined from MSS, if possible),

    - NOP count detection,

    - flag layout detection,

    - timestamp flag detection.

Any other requests or suggestions? Did you miss something in p0f 1.8.3, is
there something that annoyed you?

Please reply directly to me, if possible.

Thanks!
-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-08-15 21:55 --
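
Added example, not part of the original post and not p0f code: a sketch of how the wish-list items (MSS and window modulo comparison, MTU from MSS, NOP count, timestamp detection) can be read from a captured SYN's window and TCP option bytes. The function names, the "S"/"T" window labels and the sample bytes are constructed for illustration; MTU = MSS + 40 assumes IPv4 and TCP headers without IP options.

```python
import struct

# TCP option kind numbers
EOL, NOP, MSS, WSCALE, SACK_OK, TIMESTAMP = 0, 1, 2, 3, 4, 8
NAMES = {MSS: "M", WSCALE: "W", SACK_OK: "S", TIMESTAMP: "T"}

def parse_options(raw):
    """Walk the TCP option bytes; return (layout, mss, nop_count, has_ts)."""
    layout, mss, nops, has_ts, i = [], None, 0, False, 0
    while i < len(raw):
        kind = raw[i]
        if kind == EOL:
            layout.append("E")
            break
        if kind == NOP:
            layout.append("N")
            nops += 1
            i += 1
            continue
        # Every other option has a length byte covering kind + length + data.
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        length = raw[i + 1]
        if kind == MSS and length == 4:
            mss = struct.unpack("!H", raw[i + 2:i + 4])[0]
        has_ts = has_ts or kind == TIMESTAMP
        layout.append(NAMES.get(kind, "?%d" % kind))
        i += length
    return ",".join(layout), mss, nops, has_ts

def window_class(window, mss):
    """Express the window relative to MSS/MTU so one signature fits many links."""
    if mss and window % mss == 0:
        return "S%d" % (window // mss)          # exact multiple of MSS
    if mss and window % (mss + 40) == 0:
        return "T%d" % (window // (mss + 40))   # exact multiple of the MTU
    return str(window)                          # no relation: keep literal value

def describe_syn(window, raw_options):
    layout, mss, nops, has_ts = parse_options(raw_options)
    return {"layout": layout, "mss": mss, "nop_count": nops,
            "timestamp": has_ts, "mtu": mss + 40 if mss else None,
            "window": window_class(window, mss)}

# Constructed sample: MSS 1460, SACK permitted, timestamp, NOP, window scale 7
SAMPLE_OPTS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
```

With the constructed sample and a window of 5840, the window is reported as four times the MSS, so the same signature would also match a host behind a link with a smaller MSS and a proportionally smaller window.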
