[tool] p0f 2.0.4 is out

From: Michal Zalewski (lcamtuf_at_coredump.cx)
Date: 07/10/04

    Date: Sat, 10 Jul 2004 22:49:50 +0200 (CEST)
    To: focus-ids@securityfocus.com, pen-test@securityfocus.com, honeypots@securityfocus.com
    
    

    I am proud to announce the availability of p0f 2.0.4, a passive OS
    fingerprinter (and more). Since 2.0.1 (announced here over a year
    ago), p0f has gained features such as:

      - RST+ACK (connection refused) fingerprinting,
      - Official SYN+ACK (outgoing connection) fingerprinting support,
      - Sophisticated masquerade / IP sharing detection algorithms,
      - TCP/IP stack bug dissector and fingerprinting support,
      - External query API for easier service integration,
      - Rudimentary fuzzy matching,
      - Cool supplementary utilities and ports,
      - Numerous bugfixes and functionality enhancements,
      - Plenty of new signatures.

    P0f is extremely useful in various security-related applications,
    including but not limited to traffic analysis, IDS, forensics, policy
    enforcement, pen-testing, low-profile network reconnaissance.

    More information, links to related or derived projects, and last but not
    least, source downloads, can all be found at:

     => http://lcamtuf.coredump.cx/p0f.shtml <=

    If you wish to stay up-to-date, you are welcome to subscribe to the p0f
    project at http://www.freshmeat.net/projects/p0f/.

    Cheers,

    -- 
    ------------------------- bash$ :(){ :|:&};: --
     Michal Zalewski * [http://lcamtuf.coredump.cx]
        Did you know that clones never use mirrors?
    --------------------------- 2004-07-10 22:26 --
       http://lcamtuf.coredump.cx/photo/current/
