[Bro] p0f v3 signature definitions
Seth Hall
seth at icir.org
Wed Feb 6 14:01:47 PST 2013
On Feb 6, 2013, at 4:34 PM, James Swaro <james.swaro at gmail.com> wrote:
> Quick question about OS fingerprinting:
>
> Will the OS fingerprinting code in bro be updated to use the new fingerprint definitions given in the latest version of p0f(3.06b)?
It depends on what you mean by that. :)
I tend to upgrade the signatures when there are new releases, but we only support the original SYN packet mechanism (and not the newer SYN/ACK mechanism) so not all of the signatures will do anything directly. We do certainly accept patches if you feel up for updating the p0f code!
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list