Re: P0F in Snort? (security.ids.snort.bleedingsnort, msg #00193)

Quoting Matt Jonkman <jonkman-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt@xxxxxxxxxxxxxxxx>:

> You have it doing a db lookup to p0f? Or a preproc?

Right now the detection plugin pulls the lookup from a text file generated by p0f :( . I haven't yet decided on the "best" way to make the p0f data available to the ostype detection-plugin. I like the bdb database idea because it is so quick and it's low overhead. But I'm still open to suggestions on how best to get the lookup for [ ip_addr <-> p0f_fp ]. The hold-up on this part is my own ignorance of the internal interfaces into p0f.

jp

-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication, security services, systems integration.
Contact: services-MMNQ1ylbVXZN8Ch2cx6nig@xxxxxxxxxxxxxxxx
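The message above describes the two lookup designs under discussion: a plugin that reads an [ ip_addr <-> p0f_fp ] mapping out of a p0f text log, and the proposed bdb-style key/value store. The following is an added example written for this page, not code from the thread, from p0f, or from the Snort plugin jp mentions. It parses p0f-style log lines into an IP-keyed table, exposes the lookup a detection plugin would call, and round-trips the table through Python's standard `dbm` module as a stand-in for the bdb idea. The log line format is assumed from p0f v2 output and the sample lines are constructed; `build_fp_table`, `lookup_os`, `os_matches` and `dbm_roundtrip_demo` are hypothetical names chosen here.

```python
import dbm
import os
import re
import tempfile

# Constructed sample of p0f v2-style SYN fingerprint log lines. The format is
# an assumption for this example; the addresses and timestamps are made up.
# The last line is deliberately malformed to show that a loader must skip
# junk instead of failing the whole lookup table.
SAMPLE_P0F_LOG = """\
<Sun Mar  7 10:15:01 2004> 192.168.1.10:33412 - Linux 2.4/2.6 -> 10.0.0.5:80 (distance 3, link: ethernet/modem)
<Sun Mar  7 10:15:04 2004> 192.168.1.11:1034 - Windows XP SP1, 2000 SP3 -> 10.0.0.5:80 (distance 3, link: ethernet/modem)
<Sun Mar  7 10:16:12 2004> 192.168.1.10:33420 - Linux 2.4/2.6 -> 10.0.0.5:443 (distance 3, link: ethernet/modem)
<Sun Mar  7 10:17:00 2004> 192.168.1.12:4021 - UNKNOWN [S4:64:1:60:M1460,S,T,N,W7:.:?:?] -> 10.0.0.5:22 (distance 3, link: ethernet/modem)
this line is not a fingerprint record
"""

# <timestamp> src_ip:port - OS guess -> dst_ip:port (...)
P0F_LINE = re.compile(
    r"^<(?P<ts>[^>]+)>\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+\s+-\s+"
    r"(?P<os>.+?)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):\d+"
)


def build_fp_table(log_text):
    """Parse p0f-style lines into {src_ip: {"os": str, "last_seen": str, "hits": int}}.

    The most recent observation for an address wins, which is what a
    per-packet detection plugin wants: the current guess, not the first one.
    """
    table = {}
    for line in log_text.splitlines():
        m = P0F_LINE.match(line)
        if not m:
            continue  # skip anything that is not a fingerprint record
        entry = table.setdefault(m.group("src"), {"os": None, "last_seen": None, "hits": 0})
        entry["os"] = m.group("os")
        entry["last_seen"] = m.group("ts")
        entry["hits"] += 1
    return table


def lookup_os(table, ip, default="UNKNOWN"):
    """The [ ip_addr -> p0f_fp ] lookup a detection plugin would call per packet."""
    entry = table.get(ip)
    return default if entry is None else entry["os"]


def os_matches(table, ip, expected_substring):
    """Rule-side check: does the fingerprinted OS for ip contain the expected string?"""
    return expected_substring.lower() in lookup_os(table, ip).lower()


def save_fp_table(table, path):
    """Persist ip -> os guess into a dbm file (stand-in for the bdb lookup idea)."""
    with dbm.open(path, "c") as db:
        for ip, entry in table.items():
            db[ip.encode()] = entry["os"].encode()


def lookup_os_dbm(path, ip, default="UNKNOWN"):
    """Same lookup as lookup_os, but served from the on-disk key/value store."""
    with dbm.open(path, "r") as db:
        value = db.get(ip.encode())
    return default if value is None else value.decode()


def dbm_roundtrip_demo(table, ip):
    """Write the table to a temporary dbm file and look one address back up."""
    path = os.path.join(tempfile.mkdtemp(), "p0f_lookup")
    save_fp_table(table, path)
    return lookup_os_dbm(path, ip)


if __name__ == "__main__":
    fp = build_fp_table(SAMPLE_P0F_LOG)
    for ip in sorted(fp):
        print(ip, "->", fp[ip]["os"], "(hits: %d)" % fp[ip]["hits"])
    print("dbm lookup:", dbm_roundtrip_demo(fp, "192.168.1.11"))
```

The in-memory dict is the text-file design from the message; `save_fp_table` and `lookup_os_dbm` show what the bdb design buys: the plugin opens the store once and answers each lookup with a single key fetch, instead of re-reading and re-parsing the log. Either way the loader must tolerate malformed lines and unknown addresses, since a missing fingerprint should fall through to a default rather than abort the rule.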