Re: Passive OS Fingerprinting was Cisco CTR etc

From: Raistlin (
Date: 11/27/03

To: "Andy Cuff [Talisker]" <>, "Teicher, Mark (Mark)" <>, "Ron Gula" <>, <>
Date: Thu, 27 Nov 2003 11:40:30 +0100

> LTNS ! I was under the impression that anti-sniff was (thinking of a
> word) prone to false positives.

We @ s0ftpj played around with that concept some time ago. Sorry that some
documentation may be in Italian, but the code is basically there:

We have also a couple of tools related with os fingerprinting, check out the
tools page:


S0ftPj - Digital Security for Y2K


Relevant Pages

  • Re: TLD S-100 motherboard info request
    ... Now, being from Italy, and having a "name ending with a vowel" imply that I'm *Italian*, so english is not my mother tongue, and indeed there was some mistakes in writing. ... If those interested want facts and not spurious "suspicions" ... can obtain adequate documentation from on-line sources for free, ... I'm sad that after the first misunderstandment you have taken nearly all what I have written in the most negative sense. ...
  • Re: Walnut Creek ISO
    ... > | documentation. ... I have looked in my 1994 version, and the archive contains MSDOS executables. ... Perhaps these was removed because of viruses or false positives? ...
  • Re: Alarm response strategies
    ... > are far less prone to false positives. ... Your UDP DOS may have an impact ... any false positives - because it only triggers on anomalies - which are ...
  • Re: PHP v Python: fair comparison?
    ... mod_python is difficult to set up, and use, and is buggy and prone to ... read the documentation for the ...
  • Re: Gap between BB flange and shell
    ... is it an 'English' or 'Italian' version? ... An Italian right cup, being right-hand threaded, will be more prone to ... loosening so it'll be more important to check it sooner rather than later. ...