[fw-wiz] Request for help with operating system fingerprints

From: William Stearns (wstearns_at_pobox.com)
Date: 09/29/03

  • Next message: Francesco Trentini - Uff. EDP: "R: [fw-wiz] IPSEC over load-shared T1s (per packet)" 
    To: ML-firewall-wizards <firewall-wizards@honor.icsalabs.com>
Date: Sun, 28 Sep 2003 23:07:00 -0400 (EDT)

    Good day, all,
            Michal Zalewski is back doing more development on p0f, the passive
    OS fingerprinting tool. The development site is at
    http://lcamtuf.coredump.cx/p0f.shtml and the files themselves can be found
    at http://lcamtuf.coredump.cx/p0f/

            I'm writing because while the tool does a good job of identifying
    operating systems, it can only be as good as its list of signatures.
    Michal has set up an automated web site to collect these signatures. If
    you go to:

    http://lcamtuf.coredump.cx/p0f-help/

            , that page will tell you if it's seen packets from your operating
    system or not. You can then enter a description of the operating system
    if it's a new one to p0f. When traffic from your operating system type is
    seen in the future, p0f will be able to return better results.

            If you have time, we would both appreciate it if you would connect
    to that site from as many different OS's as possible and enter a
    description if there isn't one there already. Also, if you have friends
    with different operating systems, please pass this request along. Thanks
    in advance for making this tool better for all of us!
            Please include Michal and myself on any responses - thanks.
            Cheers,
            - Bill

    ---------------------------------------------------------------------------
            "Scattered showers my ass!"
            -- Noah
    (Courtesy of "Michael B. Trausch" <mtrausch@wcnet.org>)
    --------------------------------------------------------------------------
    William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f,
    rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
    Linux articles at: http://www.opensourcedigest.com
    --------------------------------------------------------------------------

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Francesco Trentini - Uff. EDP: "R: [fw-wiz] IPSEC over load-shared T1s (per packet)"