[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: [tool] the new p0f 2.0.1 is now out

To: "thetic" <thetic_1900@xxxxxxxxxxx>, "Michal Zalewski" <lcamtuf@xxxxxxxxxxx>, <honeypots@xxxxxxxxxxxxxxxxx>, <pen-test@xxxxxxxxxxxxxxxxx>, <focus-ids@xxxxxxxxxxxxxxxxx>, <sectools@xxxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Re: [tool] the new p0f 2.0.1 is now out
From: "Parker, Jeff (MSE)" <jeff.t.parker@xxxxxx>
Date: Thu, 4 Sep 2003 15:11:01 -0400

Umer,

Running p0f does not necessarily offer a stimulus/response test.

Regarding detecting a machine with p0f installed/running, you may have
better success simply trying to detect for any network adapter in
promiscuous mode.  And there's tons of info available on that...

HTH,
-jeff parker

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of thetic
Sent: Thursday, September 04, 2003 2:20 PM
To: Michal Zalewski; honeypots@xxxxxxxxxxxxxxxxx;
pen-test@xxxxxxxxxxxxxxxxx; focus-ids@xxxxxxxxxxxxxxxxx;
sectools@xxxxxxxxxxxxxxxxx
Cc: incidents@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx;
full-disclosure@xxxxxxxxxx
Subject: [Full-Disclosure] Re: [tool] the new p0f 2.0.1 is now out


Question concerning the the POF, how can we setup a IDS to detect a POF
scan.

umer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Re: [tool] the new p0f 2.0.1 is now out
  - From: Michal Zalewski

Prev by Date: RE: [Full-Disclosure] Re: [tool] the new p0f 2.0.1 is now out
Next by Date: Re: [Full-Disclosure] Re: [tool] the new p0f 2.0.1 is now out
Previous by thread: [Full-Disclosure] Fw: U.S. warns nuke plants of worm threat
Next by thread: RE: [Full-Disclosure] Re: [tool] the new p0f 2.0.1 is now out
Index(es):
- Date
- Thread