On Thu, 4 Sep 2003, morning_wood wrote:

> i have used ..
>
> Archaeopteryx v.1.0
> Copyright C 1999-2001, Sektor:Security
> Archaeopteryx is a Passive mode OS Identification Tool.

Siphon (on which this tool is, err, 'based', so to speak) was a very simple proof of concept utility. Neither Siphon, nor many other commercial and non-commercial passive OS fingerprinters (standalone or built-in), ever evolved past the point of checking DF and window size, and are hardly kept up to date, with a handful of vague signatures.

P0f checks a total of over 20 packet characteristics, detects many complex dependencies (such as wss-mss correlation, a common practice nowadays) and is capable of recognizing the effects of certain network configurations and so on, is way more suited to work in a production system, etc. It is far superior to other implementations I am aware of.

So there is no big deal, but the tool is an advance in this field, I believe, and is the only seriously maintained and extended implementation in the open-source area (and probably in the closed-source world, too)... live with it ;-)

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-09-05 09:52 --

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
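The difference the post draws between checking only DF and window size and also relating the window to the MSS can be seen on a single SYN. The following is an added example, not part of the original message and not p0f's code: `fingerprint_syn`, `build_syn`, the `S<n>` notation and the option letters are names chosen for this sketch, and the sample packets are constructed.

```python
import struct

OPT_NAMES = {2: "M", 3: "W", 4: "S", 8: "T"}  # MSS, wscale, SACK-ok, timestamp

def fingerprint_syn(pkt: bytes) -> dict:
    """Pull passive-fingerprint fields out of a raw IPv4 + TCP SYN (no link header)."""
    if len(pkt) < 20:
        raise ValueError("truncated IP header")
    ver_ihl, _, _, _, frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4/TCP")
    tcp = pkt[(ver_ihl & 0x0F) * 4:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    hdr_len = (off_flags >> 12) * 4
    if not off_flags & 0x02 or hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("not a well-formed SYN")
    opts, layout, mss, i = tcp[20:hdr_len], [], None, 0
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of option list
        kind = opts[i]
        if kind == 1:                              # NOP is a single byte
            layout.append("N"); i += 1; continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        layout.append(OPT_NAMES.get(kind, "?"))
        i += opts[i + 1]
    # Window/MSS correlation: a window that is an exact multiple of the MSS is
    # recorded as "S<n>" (notation of this example), otherwise as the raw value.
    rel = f"S{window // mss}" if mss and window % mss == 0 else str(window)
    return {"ttl": ttl, "df": bool(frag & 0x4000), "window": window,
            "mss": mss, "win_rel": rel, "options": ",".join(layout)}

def build_syn(window: int, mss: int, ttl: int = 64, df: bool = True) -> bytes:
    """Constructed sample SYN (documentation addresses, checksums left at zero)."""
    opts = (struct.pack("!BBH", 2, 4, mss) + bytes.fromhex("0402")
            + bytes.fromhex("080a0000000100000000") + bytes.fromhex("01030300"))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(opts), 0x1234,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                      ((20 + len(opts)) // 4 << 12) | 0x02, window, 0, 0)
    return ip + tcp + opts

if __name__ == "__main__":
    print(fingerprint_syn(build_syn(5840, 1460)))
    print(fingerprint_syn(build_syn(16384, 1460, ttl=128)))
```

A signature keyed on `win_rel` and the option layout still matches the first sample if a different path MSS changes the absolute window, which a DF-plus-window check would miss.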
This archive was generated by hypermail 2b30 : Fri Sep 05 2003 - 04:29:14 PDT