[Discussion] OS Fingerprinting

ddp ddpbsd at gmail.com
Fri Dec 19 20:26:32 UTC 2008


On Fri, Dec 19, 2008 at 3:15 PM, Matt Jonkman <jonkman at jonkmans.com> wrote:
> Decula in IRC had two great ideas. One was to use something like p0f to
> do live OS fingerprinting.
>
> That could be very useful for eliminating false positives and
> identifying unusual behavior (i.e. a Windows box running a telnet server, etc.)
>
> Adding this to the wiki, anyone have thoughts to add to that?
>
> Matt
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
>

Add in functionality like pads or passer.py and you're on your way to recreating
Sourcefire's RNA.  passer.py (http://stearns.org/passer) does OS
identification also.

dan


