[Zeek] State of p0f support

Robin Sommer robin at corelight.com
Thu Jun 20 11:05:21 PDT 2019


To wrap this up: What I think I'm hearing is that there's certainly
opportunity for a much improved/modern version of such functionality,
but it also sounds like nobody is relying on that old
functionality anymore (not a surprise). So we'll go ahead and remove
the current p0f code in Zeek.

Robin

On Mon, Jun 17, 2019 at 13:45 -0700, I wrote:

> Looking for some input here.
> 
> Zeek has provided support for passive OS fingerprinting for a long
> time through p0f. However, we are using a very outdated version
> of the p0f engine, and the signature set is likewise stale (last
> update from 2011!).
> 
> Unfortunately p0f has changed quite a bit in the meantime, so that it's
> not easy to upgrade. While we'd certainly be happy to do that if
> anybody wanted to work on it, for now we are considering removing the
> old engine that's currently shipping with Zeek because it doesn't seem
> to provide much value anymore.
> 
> Please chime in if that would be a problem for you. Is anybody still
> relying on the p0f support in Zeek as it is today?
> 
> Thanks,
> 
> Robin
> 
> 
> -- 
> Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com


-- 
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com

