[Bro] p0f v3 signature definitions

Seth Hall seth at icir.org
Wed Feb 6 14:01:47 PST 2013

On Feb 6, 2013, at 4:34 PM, James Swaro <james.swaro at gmail.com> wrote:

> Quick question about OS fingerprinting:
> Will the OS fingerprinting code in Bro be updated to use the new fingerprint definitions given in the latest version of p0f (3.06b)?

It depends on what you mean by that. :)

I tend to upgrade the signatures when there are new releases, but we only support the original SYN packet mechanism (and not the newer SYN/ACK mechanism) so not all of the signatures will do anything directly.  We do certainly accept patches if you feel up for updating the p0f code!


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
