[Zeek] State of p0f support

Robin Sommer robin at corelight.com
Mon Jun 17 13:45:27 PDT 2019


Looking for some input here.

Zeek has provided support for passive OS fingerprinting for a long
time through p0f. However, we are using a very outdated version
of the p0f engine, and the signature set is likewise stale (last
update from 2011!).

Unfortunately p0f has changed quite a bit in the meantime, so that it's
not easy to upgrade. While we'd certainly be happy to do that if
anybody wanted to work on it, for now we are considering removing the
old engine that's currently shipping with Zeek because it doesn't seem
to provide much value anymore.

Please chime in if that would be a problem for you. Is anybody still
relying on the p0f support in Zeek as it is today?

Thanks,

Robin


-- 
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com

