[Discussion] OS Fingerprinting
ddp
ddpbsd at gmail.com
Fri Dec 19 20:26:32 UTC 2008
On Fri, Dec 19, 2008 at 3:15 PM, Matt Jonkman <jonkman at jonkmans.com> wrote:
> Decula in IRC had two great ideas. One was to use something like p0f to
> do live OS fingerprinting.
>
> That could be very useful for eliminating false positives and
> identifying unusual behavior (ie a windows box running a telnet server, etc)
>
> Adding this to the wiki, anyone have thoughts to add to that?
>
> Matt
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
>
Add in functionality like pads or passer.py and you're on your way to recreating
Sourcefire's RNA. passer.py (http://stearns.org/passer) does OS
identification also.
dan
More information about the Discussion
mailing list