From:	 William Stearns <wstearns@pobox.com>
To:	 <honeypots@securityfocus.com>, <intrusions@incidents.org>, <lwn@lwn.net>,
	 marty <marty@linuxtoday.com>, <sectools@securityfocus.com>,
	 Securiteam General mailbox <info@securiteam.com>
Subject: p0f 1.8 final release
Date:	 Mon, 21 Jan 2002 00:44:15 -0500 (EST)
Cc:	 William Stearns <wstearns@pobox.com>,
	 Michal Zalewski <lcamtuf@coredump.cx>

Good day, all,
	Michal and I are pleased to provide p0f version 1.8.  p0f is the
passive OS fingerprinting utility that can identify a remote machine from
just the SYN packet of an incoming connection.
	It has patches contributed by Erkin Acar (to calculate header
length), Jose Nazario (to fix a filename issue), Stephen White (display
timestamps in verbose mode) and Trevor Johnson (documentation updates).  
Thanks to all who contributed patches and new signatures.
	Michal provided the following changes:
- License clarified (LGPL)
- Documentation fixes
- "-o" (output file), "-t" (timestamp), "-U" (no unknown signatures), and 
  "-K" (no known signatures) options.
	Michal has also added code to check the SYN packet length as an 
additional fingerprint check.  The fingerprint file has some of the 
signatures updated to include length, with the rest having a length of -1.  
When a packet matches one of the length-less signatures, the match is 
still made, but a p0f in verbose mode will report the correct length:

a.b.c.d [8 hops]: Windows 2000 *
 + a.b.c.d:port -> m.n.o.p:port
 * packet length for this one is 48.

	This length can be added back to the signature file - and that's
where we'd love to get your help!  Please send in any length entries you
find so we can update the signature file.  New signatures for currently
unidentified OSes are also appreciated.  Thanks for making p0f a better
tool for all of us.
	Bill has added a man page and Linux RPMs.
	The new site for the tool is http://www.stearns.org/p0f/ .  A tar 
file and RPMs can be found there.  Matt Scarborough has offered to 
provide a Win32 binary for those that are interested.  The binary and 
additional files needed to compile under Win32 will be at the above URL 
soon after this release.  We also hope to have .deb packages at that URL 
in the near future.
	Many thanks to all who have helped in p0f development!
	Cheers,
	- Bill

---------------------------------------------------------------------------
        "My Operat~1 System supports long filena~1, does yours?"
(Courtesy of mike <mike@morpheus.streamgroup.co.uk>)
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------
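
The length check described in the announcement, as an added example that is not part of the original message and not p0f's own code. The signature fields (window, initial TTL, DF, length), the sample signature values, the 32-hop tolerance and the test packet are simplified assumptions constructed for illustration; only the "-1 means length not recorded" rule and the verbose note come from the message.

```python
import struct
from typing import NamedTuple

class Sig(NamedTuple):      # simplified fields, not p0f's signature file format
    window: int
    ttl: int                # assumed initial TTL of the OS
    df: bool
    length: int             # total SYN length; -1 = not recorded yet
    os: str

SIGS = [                    # constructed sample signatures
    Sig(16384, 128, True, -1, "Windows 2000"),
    Sig(5840, 64, True, 60, "Linux 2.4"),
]
WIN2K_OPTS = bytes.fromhex("020405b401010402")  # MSS, NOP, NOP, SACK-permitted

def build_syn(ttl, window, options):
    # Constructed sample IPv4/TCP SYN with DF set (checksums left as zero).
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000, ttl,
                     6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4,
                      0x02, window, 0, 0)
    return ip + tcp + options

def parse_syn(pkt):
    """Return (window, ttl, df, length) for an IPv4 TCP SYN, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    length, _id, frag, ttl, proto = struct.unpack("!HHHBB", pkt[2:10])
    # Need a full TCP header, and SYN set with ACK clear.
    if proto != 6 or ihl < 20 or len(pkt) < ihl + 20 or (pkt[ihl + 13] & 0x12) != 0x02:
        return None
    window = struct.unpack("!H", pkt[ihl + 14:ihl + 16])[0]
    return window, ttl, bool(frag & 0x4000), length

def fingerprint(pkt):
    """Return (os, hops, note) or None; note carries the length to report."""
    fields = parse_syn(pkt)
    if fields is None:
        return None
    window, ttl, df, length = fields
    for sig in SIGS:
        hops = sig.ttl - ttl                # assumption: accept up to 31 hops
        if (sig.window, sig.df) != (window, df) or not 0 <= hops < 32:
            continue
        if sig.length in (-1, length):      # -1 matches any length
            note = f"packet length for this one is {length}" if sig.length == -1 else None
            return sig.os, hops, note
    return None
```

A non-None note is the value to write back into the length-less signature; once a length is recorded, a SYN of a different size no longer matches that entry.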