[ANNOUNCE] p0f 1.8.2 final release

From: William Stearns (wstearnsat_private)
Date: Mon Feb 04 2002 - 11:17:32 PST


    Good day, all,
            Michal and I are pleased to provide p0f version 1.8.2.  p0f is the
    passive OS fingerprinting utility that can identify a remote machine from
    just the syn packet of an incoming connection.  Note that because of a
    confusion about a developer's release, there never was a formal 1.8.1.
    	Here are the changes:
    
    - Addition of CREDITS, ChangeLog
    - p0frep log parsing tool by Michal
    - Documentation updates and reformatting
    - "-q" quiet option; doesn't print banners. (Michal)
    - freopen fix for compile errors in "write output to file" choice, typo
    fixes (Trevor Johnson)
    - New fingerprints
    - New fingerprint lengths
    - Support BPF capture with cooked sockets (DLT_LINUX_SLL, captured with
    "-i any") (Bill)
    - init script forces libpcap to only send up tcp packets with a syn set
    (Bill)
    - Solaris/non-gnu $< and mkdir --parents fixes (TAHARA Yuusuke)
    - Use printf() instead of puts() (Bill, spotted by piggyat_private)
    - Include note about logcheck support (John Sage <jsageat_private>)
    - First availability of additional unverified signatures (see
    http://www.stearns.org/p0f/moresigs/ , Bill)
    
    	These new signatures have been automatically created by
    correlating incoming syn packets with the User-agent field from some web
    logs.  While a certain amount of effort has gone into cleaning up these 
    signatures and discarding invalid data, these have not been verified by 
    hand.
    
            The new site for the tool is http://www.stearns.org/p0f/ .  A tar
    file and RPM's can be found there.  Matt Scarborough is actively working
    on a Win32 binary for those that are interested.  The binary and
    additional files needed to compile under win32 will be at the above URL
    soon after this release.  We also hope to have .deb packages at that URL
    in the near future.
            Many thanks to all who have helped in p0f development!
    	Cheers,
    	- Bill
    
    P.S.  For those wishing to capture syn packets for offline analysis with
    p0f, there's a wrapper script for tcpdump at
    http://www.stearns.org/syncapture/ .
    
    ---------------------------------------------------------------------------
    	"Silly hacker, root is for administrators."
    	-- Unknown
    (Courtesy of Fabrice MARIE <fabriceat_private>)
    --------------------------------------------------------------------------
    William Stearns (wstearnsat_private).  Mason, Buildkernel, named2hosts, 
    and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
    LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
    --------------------------------------------------------------------------
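
Added example, not part of the original announcement and not p0f's code: a Python function that accepts only packets with the SYN bit set (the restriction the init script item above places on capture) and extracts the IP and TCP header fields a passive fingerprinter can compare against signatures. The function name, the returned field names, and the sample packets are constructed for illustration and are not p0f's signature format.

```python
import struct

def syn_features(pkt: bytes):
    """Fields of a raw IPv4 TCP SYN (no link-layer header), or None if not a SYN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    ttl, proto = pkt[8], pkt[9]
    # Require TCP, fragment offset 0, and a complete fixed TCP header.
    if ihl < 20 or proto != 6 or frag & 0x1FFF or len(pkt) < ihl + 20:
        return None
    tcp = pkt[ihl:]
    if not tcp[13] & 0x02:  # byte 13 holds the TCP flags; 0x02 is SYN
        return None
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or len(tcp) < doff:
        return None
    feat = {"window": struct.unpack("!H", tcp[14:16])[0], "ttl": ttl,
            "df": bool(frag & 0x4000), "length": total_len,
            "mss": None, "wscale": None, "sack_ok": False, "nop": False}
    opts, i = tcp[20:doff], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:        # end of option list
            break
        if kind == 1:        # NOP is a single byte with no length field
            feat["nop"] = True
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break            # malformed option: stop rather than read past the end
        size = opts[i + 1]
        if kind == 2 and size == 4:
            feat["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3 and size == 3:
            feat["wscale"] = opts[i + 2]
        elif kind == 4 and size == 2:
            feat["sack_ok"] = True
        i += size
    return feat

def sample_packet(flags: int) -> bytes:
    """Constructed test packet: 192.0.2.10 -> 192.0.2.20, port 80, DF set, TTL 64."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0xA0, flags, 5840, 0, 0)
    # Options: MSS 1460, SACK permitted, timestamp, NOP, window scale 0
    return ip + tcp + bytes.fromhex("020405b40402080a000000010000000001030300")

if __name__ == "__main__":
    print(syn_features(sample_packet(0x02)))
```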
    



    This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 12:25:51 PST