Tuesday, January 10, 2012

p0f v3

And I though MZ gave up on p0f after no updates to v2 in years. I guess I'm proven wrong....

== What's new ==

Version 3 is a complete rewrite, bringing you much improved SYN and SYN+ACK fingerprinting capabilities, auto-calibrated uptime measurements, completely redone databases and signatures, new API design, IPv6 support (who knows, maybe it even works?), stateful traffic inspection with thorough cross-correlation of collected data, application-level fingerprinting modules (for HTTP now, more to come),
and a lot more.

----

On my list to test in the near future and provide some new fingerprints. Assuming time permits and how well it works (I have no doubts well, but...), I will look at what it is doing and see if I can incorporate new stuff/ideas into a newer tcp plugin for Satori.

No comments: