RE: P0F in Snort?: msg#00156 security.ids.snort.bleedingsnort
> -----Original Message-----
> From: bleeding-sigs-bounces-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt@xxxxxxxxxxxxxxxx
> [mailto:bleeding-sigs-bounces-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt@xxxxxxxxxxxxxxxx]
> On Behalf Of Matt Jonkman
> Sent: Saturday, January 27, 2007 6:03 PM
> To: Bleeding Sigs
> Subject: [Bleeding-sigs] P0F in Snort?
>
> Stray thought: Anyone ever seen or thought about integrating
> p0f into snort? P0f is an OS detection tool that's uncannily
> accurate by tcp behavior, totally passive.
>

I had an 'issue' at a client's and suspected his client was using a buggy Solaris stack. p0f proved it.

It's pretty good stuff, but has to be configured one way for SYN, the other for ACK. (in vs out connections)

Doesn't snort have perl already built in? What about something perverted with an inline adodb call to the p0f database?

(and we want XP boxes to connect to us so they can receive web content)