[Discussion] OS Fingerprinting

Michael Scheidell scheidell at secnap.net
Fri Dec 19 20:17:55 UTC 2008
Matt Jonkman wrote:
> Decula in IRC had two great ideas. One was to use something like p0f to
> do live OS fingerprinting.
>
> That could be very useful for eliminating false positives and
> identifying unusual behavior (i.e. a Windows box running a telnet server, etc.)
>
> Adding this to the wiki, anyone have thoughts to add to that?
>
> Matt
>
p0f can't tell the difference between a Windows XP workstation and 
Windows 2000 Server (last I remember).
I had used it for 'zombie' detection in our anti-spam system, but the 
incremental assistance wasn't worth the CPU (it took a little CPU.)
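
The two uses discussed in this thread, passive fingerprinting from SYN parameters to suppress alerts that cannot apply to the target host and to flag a host whose OS does not match the service it exposes, as an added example that is not part of the original thread and not p0f's code. The signature table and the sample SYN records are constructed for illustration and are not p0f's database; the ambiguity Michael describes (one signature shared by XP and 2000) is modelled by letting a signature map to several candidate labels.

```python
"""Passive OS fingerprinting sketch over TCP SYN parameters (added example, not p0f)."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Syn(NamedTuple):
    src: str                   # client address that sent the SYN
    dst: str                   # server address
    dport: int                 # destination port
    ttl: int                   # TTL as seen on the wire (decremented per hop)
    window: int                # initial TCP window size
    options: Tuple[str, ...]   # TCP option kinds in wire order
    df: bool                   # IP "don't fragment" bit


# Illustrative signatures, NOT p0f's real database:
# (initial TTL, window, option order, DF) -> candidate OS labels.
# The first entry is deliberately ambiguous, as the thread notes for XP vs 2000.
SIGNATURES: Dict[Tuple[int, int, Tuple[str, ...], bool], Set[str]] = {
    (128, 65535, ("MSS", "NOP", "WS", "NOP", "NOP", "SACK"), True): {"Windows XP", "Windows 2000"},
    (64, 5840, ("MSS", "SACK", "TS", "NOP", "WS"), True): {"Linux 2.6"},
    (64, 65535, ("MSS", "NOP", "WS", "SACK", "TS"), True): {"FreeBSD 7"},
}

# Services that are unusual for a given OS family (the "Windows box running telnet" case).
UNUSUAL_FOR_FAMILY: Dict[str, Set[int]] = {"Windows": {23}}


def initial_ttl(observed: int) -> int:
    """Round the observed TTL up to the nearest common initial value."""
    for ceiling in (32, 64, 128, 255):
        if observed <= ceiling:
            return ceiling
    return 255


def fingerprint(syn: Syn) -> Set[str]:
    """Return every OS label whose signature matches; empty set when unknown."""
    key = (initial_ttl(syn.ttl), syn.window, syn.options, syn.df)
    return set(SIGNATURES.get(key, set()))


def family(labels: Set[str]) -> str:
    """Collapse candidate labels to an OS family: 'Windows', 'Linux', 'unknown' or 'mixed'."""
    if not labels:
        return "unknown"
    families = {label.split()[0] for label in labels}
    return families.pop() if len(families) == 1 else "mixed"


def alert_relevant(alert_os_family: str, host_labels: Set[str]) -> bool:
    """Suppress an alert scoped to one OS family only when the host is confidently another.
    Unknown or ambiguous hosts keep the alert, so suppression never hides a real hit."""
    fam = family(host_labels)
    if fam in ("unknown", "mixed"):
        return True
    return fam == alert_os_family


def audit(syns: List[Syn], listeners: List[Tuple[str, int]]) -> Dict[str, dict]:
    """Per-host report: candidate OSes, family, and listening ports unusual for that family."""
    host_os: Dict[str, Set[str]] = defaultdict(set)
    for s in syns:
        host_os[s.src] |= fingerprint(s)
    report = {}
    for host, labels in host_os.items():
        fam = family(labels)
        ports = {p for h, p in listeners if h == host}
        report[host] = {
            "candidates": sorted(labels),
            "family": fam,
            "anomalous_ports": sorted(ports & UNUSUAL_FOR_FAMILY.get(fam, set())),
        }
    return report


# Constructed sample traffic (one hop away, so TTLs are one below the initial value).
SAMPLE_SYNS = [
    Syn("10.0.0.5", "10.0.0.1", 80, 127, 65535, ("MSS", "NOP", "WS", "NOP", "NOP", "SACK"), True),
    Syn("10.0.0.7", "10.0.0.1", 80, 63, 5840, ("MSS", "SACK", "TS", "NOP", "WS"), True),
    Syn("10.0.0.9", "10.0.0.1", 80, 61, 8192, ("MSS",), False),   # no matching signature
]
# Constructed listener inventory (host, port), e.g. from observed SYN-ACKs.
SAMPLE_LISTENERS = [("10.0.0.5", 23), ("10.0.0.5", 445), ("10.0.0.7", 22)]

if __name__ == "__main__":
    for host, entry in audit(SAMPLE_SYNS, SAMPLE_LISTENERS).items():
        print(host, entry)
    print("Windows-only alert on 10.0.0.7 relevant?",
          alert_relevant("Windows", fingerprint(SAMPLE_SYNS[1])))
```

Running it reports 10.0.0.5 as Windows (XP or 2000, indistinguishable from this signature) with port 23 flagged, 10.0.0.7 as Linux with nothing flagged, and 10.0.0.9 as unknown; a Windows-specific alert against 10.0.0.7 is suppressed while the same alert against the unknown host is kept.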


-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * King of Spam Filters, SC Magazine 2008
    * Information Security Award 2008, Info Security Products Guide
    * CRN Magazine Top 40 Emerging Security Vendors

