[Discussion] OS Fingerprinting

• Previous message (by thread): [Discussion] Rules Syntax
• Next message (by thread): [Discussion] OS Fingerprinting
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Decula in IRC had two great ideas. One was to use something like p0f to
do live OS fingerprinting.

That could be very useful for eliminating false positives and
identifying unusual behavior (ie a windows box running a telnet server, etc)

Adding this to the wiki, anyone have thoughts to add to that?

Matt

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc

• Previous message (by thread): [Discussion] Rules Syntax
• Next message (by thread): [Discussion] OS Fingerprinting
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]