p0f 1.8 final release

From: William Stearns (wstearnsat_private)
Date: Sun Jan 20 2002 - 21:44:15 PST


    Good day, all,
    	Michal and I are pleased to provide p0f version 1.8.  p0f is the
    passive OS fingerprinting utility that can identify a remote machine from
    just the SYN packet of an incoming connection.
    	It has patches contributed by Erkin Acar (to calculate header
    length), Jose Nazario (to fix a filename issue), Stephen White (display
    timestamps in verbose mode) and Trevor Johnson (documentation updates).  
    Thanks to all who contributed patches and new signatures.
    	Michal provided the following changes:
    - License clarified (LGPL)
    - Documentation fixes
    - "-o" (output file), "-t" (timestamp), "-U" (no unknown signatures), and 
      "-K" (no known signatures) options.
    	Michal has also added code to check the SYN packet length as an 
    additional fingerprint check.  The fingerprint file has some of the 
    signatures updated to include length, with the rest having a length of -1.  
    When a packet matches one of the length-less signatures, the match is 
    still made, but a p0f in verbose mode will report the correct length:
    
    a.b.c.d [8 hops]: Windows 2000 *
     + a.b.c.d:port -> m.n.o.p:port
     * packet length for this one is 48.
    
    	This length can be added back to the signature file - and that's
    where we'd love to get your help!  Please send in any length entries you
    find so we can update the signature file.  New signatures for currently
    unidentified OSes are also appreciated.  Thanks for making p0f a better
    tool for all of us.
    	Bill has added a man page and Linux RPMs.
    	The new site for the tool is http://www.stearns.org/p0f/ .  A tar 
    file and RPMs can be found there.  Matt Scarborough has offered to 
    provide a Win32 binary for those that are interested.  The binary and 
    additional files needed to compile under win32 will be at the above URL 
    soon after this release.  We also hope to have .deb packages at that URL 
    in the near future.
    	Many thanks to all who have helped in p0f development!
    	Cheers,
    	- Bill
    
    ---------------------------------------------------------------------------
            "My Operat~1 System supports long filena~1, does yours?"
    (Courtesy of mike <mikeat_private>)
    --------------------------------------------------------------------------
    William Stearns (wstearnsat_private).  Mason, Buildkernel, named2hosts, 
    and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
    LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
    --------------------------------------------------------------------------
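
The length check described in the announcement, sketched as an added example (not p0f's code and not part of the original message): a SYN is parsed for window, TTL, DF and total length, then matched against signatures whose length may be -1. The signature tuple layout, the labels, the sample packet and the TTL rounding used to estimate hops are assumptions made for illustration.

```python
import struct

# Constructed signatures in a hypothetical layout (not p0f's file format):
# (window, initial_ttl, df, length, label); length -1 = not recorded yet.
SIGNATURES = [(16384, 128, 1, -1, "Example OS A"),
              (5840, 64, 1, 60, "Example OS B")]

def build_syn(window, ttl, df, options=b""):
    """Constructed sample input: IPv4 + TCP SYN, checksums left at zero."""
    tcp_len = 20 + len(options)  # options must be a multiple of 4 bytes
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, df << 14,
                     ttl, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4,
                      0x02, window, 0, 0)
    return ip + tcp + options

def parse_syn(pkt):
    """Pull the fingerprint fields out of a raw IPv4 packet holding a SYN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    if pkt[9] != 6 or len(pkt) < ihl + 20:
        raise ValueError("not TCP")
    tcp = pkt[ihl:]
    if (tcp[13] & 0x12) != 0x02:  # SYN set, ACK clear
        raise ValueError("not an initial SYN")
    (window,) = struct.unpack("!H", tcp[14:16])
    return {"window": window, "ttl": pkt[8],
            "df": (flags_frag >> 14) & 1, "length": total_len}

def match(fields):
    """Return (label, hops, note); note carries the length to contribute."""
    initial = next(t for t in (32, 64, 128, 255) if fields["ttl"] <= t)
    hops = initial - fields["ttl"]
    for window, sig_ttl, df, length, label in SIGNATURES:
        if (window, sig_ttl, df) != (fields["window"], initial, fields["df"]):
            continue
        if length == -1:  # length-less signature: match, report the length
            return label, hops, f"packet length for this one is {fields['length']}."
        if length == fields["length"]:
            return label, hops, None
    return None, hops, None

if __name__ == "__main__":
    syn = build_syn(16384, 120, 1, bytes.fromhex("020405b401010402"))
    print(match(parse_syn(syn)))
```

A signature that already records a length only matches when the observed length agrees, so the same window, TTL and DF values with a different SYN size fall through as unknown.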
    


