lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALx_OUCG0OSQk6KayEytDyM7biEhSF+wf1GfdDEMPTP+y-WaWQ@mail.gmail.com>
Date: Tue, 10 Jan 2012 01:23:08 -0800
From: Michal Zalewski <lcamtuf@...edump.cx>
To: bugtraq <bugtraq@...urityfocus.com>, 
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: p0f3 release candidate

Hi folks,

I wanted to share the news of p0f v3, a complete rewrite and redesign
of my passive fingerprinting tool.

== Synopsis ==

P0f is a tool that utilizes an array of sophisticated, purely passive
traffic fingerprinting mechanisms to identify the players behind any
incidental TCP/IP communications (often as little as a single normal
SYN) without interfering in any way. Some of its capabilities include:

- Scalable and fast identification of the operating system and
software on both endpoints of a vanilla TCP connection - especially in
settings where NMap probes are blocked, too slow, unreliable, or would
simply set off alarms.

- Measurement of system uptime and network hookup, distance (including
topology behind NAT or packet filters), user language preferences, and
so on.

- Automated detection of connection sharing / NAT, load balancing, and
application-level proxying setups,

- Detection of dishonest clients / servers that forge declarative
statements such as X-Mailer or User-Agent.

The tool can be operated in the foreground or as a daemon, and offers
a simple real-time API for third-party components that wish to obtain
additional information about the actors they are talking to.

Common uses for p0f include reconnaissance during penetration tests;
routine network monitoring; detection of unauthorized network
interconnects in corporate environments; providing signals for abuse
prevention tools; and miscellaneous forensics.

== What's new ==

Version 3 is a complete rewrite, bringing you much improved SYN and
SYN+ACK fingerprinting capabilities, auto-calibrated uptime
measurements, completely redone databases and signatures, new API
design, IPv6 support (who knows, maybe it even works?), stateful
traffic inspection with thorough cross-correlation of collected data,
application-level fingerprinting modules (for HTTP now, more to come),
and a lot more.

== Download / demo ==

Please visit:
http://lcamtuf.coredump.cx/p0f3/

This is a "release candidate", and my hope is to get folks to
contribute signatures and help squash bugs. If all goes according to
plan, this should progress to a final release in a week or two. Some
issues are expected, so please report problems off-the-list.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ