Honeypots mailing list archives
p0f 2 call for improvements
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Fri, 15 Aug 2003 22:01:12 +0200 (CEST)
Hello list,

I decided to rewrite my old tool, p0f (passive os fingerprinter) - which turned out to be a pretty successful development, and ended up in parts or in whole in several IDSes, and sniffer solutions, and probably in a number of homemade honeypots - and make it better and more precise.

Because there are a number of p0f users on this list, I'd like to ask for any ideas, suggestions or improvements you might have. My current wish list for version 2 is:

- New modulo comparisons for maximum segment size and window size to eliminate multiple signatures for certain OSes,
- Media type for the remote party's network is now reported, if available (MTU determined from MSS, if possible),
- NOP count detection,
- flag layout detection,
- timestamp flag detection.

Any other requests or suggestions? Did you miss something in p0f 1.8.3, is there something that annoyed you? Please reply directly to me, if possible.

Thanks!

--
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-08-15 21:55 --
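The first two wish-list items in the message above, sketched as an added example that is not part of the original post and is not p0f's code: one modulo rule for window size covers hosts that would otherwise need a signature per link type, and the link type is derived from MSS. The rule syntax (`%N`, `%MSS`, `*`), the signature labels and the two-entry MTU table are assumptions made for illustration.

```python
# Added illustration. Rule syntax, labels and tables are hypothetical,
# not taken from p0f or its fingerprint database.
from typing import Optional, Tuple

IP_TCP_HEADERS = 40  # IPv4 header (20) + TCP header (20), no options

# Constructed subset of well-known MTUs.
LINK_BY_MTU = {1500: "ethernet", 1492: "pppoe"}

def mtu_from_mss(mss: int) -> int:
    """MSS advertised in a SYN is normally the sender's MTU minus headers."""
    return mss + IP_TCP_HEADERS

def link_type(mss: int) -> str:
    return LINK_BY_MTU.get(mtu_from_mss(mss), "unknown")

def field_matches(rule: str, value: int, mss: int) -> bool:
    """'*' any, 'N' exact, '%N' multiple of N, '%MSS' multiple of observed MSS."""
    if rule == "*":
        return True
    if rule == "%MSS":
        return mss > 0 and value % mss == 0
    if rule.startswith("%"):
        return value % int(rule[1:]) == 0
    return value == int(rule)

# Constructed signatures: (label, window rule, MSS rule). First match wins.
SIGNATURES = [
    ("ExampleOS A", "%MSS", "*"),      # window is always a multiple of MSS
    ("ExampleOS B", "%8192", "1460"),  # window in 8 KiB steps, fixed MSS
    ("ExampleOS C", "65535", "*"),     # fixed window
]

def classify(window: int, mss: int) -> Tuple[Optional[str], str]:
    """Return (signature label or None, inferred link type) for one SYN."""
    for label, win_rule, mss_rule in SIGNATURES:
        if field_matches(win_rule, window, mss) and field_matches(mss_rule, mss, mss):
            return label, link_type(mss)
    return None, link_type(mss)

if __name__ == "__main__":
    # Constructed (window, MSS) pairs as they might be read from SYN packets.
    for window, mss in [(5840, 1460), (5808, 1452), (16384, 1460), (1000, 536)]:
        print(window, mss, classify(window, mss))
```

With exact-value matching, the first two sample packets (5840/1460 over Ethernet and 5808/1452 over PPPoE) would need two separate signatures; the single `%MSS` rule matches both.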
Current thread:
- p0f 2 call for improvements Michal Zalewski (Aug 15)
- p0f 2 beta now out - fingerprint data needed Michal Zalewski (Aug 16)