
List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] Passive Os fingerprint
From:       Michael Rash <mbr () cipherdyne ! org>
Date:       2008-10-28 2:05:36
Message-ID: 20081028020536.GC915 () cipherdyne ! org

On Oct 27, 2008, Franck Joncourt wrote:

> >> I have found there is a Debian package for p0f that uses a more recent
> >> database.
> >>
> >> http://lcamtuf.coredump.cx/p0f/
> >>
> >> --> p0f-2.0.8.tgz
> >>
> >> Could it be updated in your projects?
> > 
> > Thanks, yes I will update it.  Something on my todo list is to also add
> > support for OS fingerprints from ntop.
> 
> Ok.
> I have never used ntop so I will give it a try.
> 
> >> If yes, I could use the database from the Debian package rather than the
> >> one bundled in fwknop (only useful with port knocking if I am not mistaken).
> > 
> > Do you mean to update the P0F_FILE variable to point to the path for the
> > Debian database?  Or to update psad and fwknop to search for the Debian
> > path by default?
> 
> My main question was to know if it was possible to update the database.

Yes, I will definitely update the database, pending a check to be sure
that the fingerprints from p0f are in the same format as those from the
pf.os file from OpenBSD (which is the file bundled with fwknop).

> Then, if you think it is worth searching for the database in /etc/p0f
> for all distributions, yes that would be nice to have this new feature.
> (I could check how to do that if you want)

I will add a new variable ENABLE_INSTALLED_P0F_DB (or something like
that) to allow the user to control this.

One factor is that p0f fingerprints are only used in port knocking mode
(as you pointed out), so they are almost never used.

--Mike


> Otherwise I will patch the configuration file to update the P0F_FILE
> variable to point to the new path.
> 
> I would prefer the first solution, but I do not want it to be Debian
> specific. :p!
> 
> Thanks,
> 
> -- 
> Franck Joncourt
> http://debian.org - http://smhteam.info/wiki/
> Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
> 



_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss