[Discussion] OS Fingerprinting

• Previous message (by thread): [Discussion] OS Fingerprinting
• Next message (by thread): [Discussion] Hooks for Other than Blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ddp wrote:
> Add in functionality like pads or passer.py and you're on your way to recreating
> Sourcefire's RNA.  passer.py (http://stearns.org/passer) does OS
> identification also.

I'll look this one over, thanks!

As for recreating RNA, we definitely don't want to do that.

1. It's been done, and apparently works well

2. It's been done. i.e. patented. :)

We're definitely doing different things though, and I think we'll have
the opportunity to add a good deal more to it, and make better use of
the info in a new rules language.

Matt


-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc

• Previous message (by thread): [Discussion] OS Fingerprinting
• Next message (by thread): [Discussion] Hooks for Other than Blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]