[Bro] p0f v3 signature definitions
seth at icir.org
Wed Feb 6 14:01:47 PST 2013
On Feb 6, 2013, at 4:34 PM, James Swaro <james.swaro at gmail.com> wrote:
> Quick question about OS fingerprinting:
> Will the OS fingerprinting code in bro be updated to use the new fingerprint definitions given in the latest version of p0f(3.06b)?
It depends on what you mean by that. :)
I tend to upgrade the signatures when there are new releases, but we only support the original SYN packet mechanism (and not the newer SYN/ACK mechanism) so not all of the signatures will do anything directly. We do certainly accept patches if you feel up for updating the p0f code!
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro