[Bro] p0f OS fingerprinting question
Gary Faulkner
gary at doit.wisc.edu
Thu Jan 23 14:25:47 PST 2014
I was asked recently if Bro could do passive OS fingerprinting (in
relation to keeping tabs on XP usage on our networks), and it seems that
there was a dedicated mechanism for this using p0f, but that the Bro
tie-ins may be deprecated per BIT 323
<https://bro-tracker.atlassian.net/browse/BIT-323> or at least very out
of date due to a 6 year p0f development hiatus. With p0f having been
rewritten in 2012, are there any plans for updating Bro to support
the newer version? The user agent strings in software.log are useful,
but it seems like there were even more fine grained events and records
that came with the p0f tie-ins in regards to parsing out the OS.
Regards,
Gary