From owner-freebsd-ports@FreeBSD.ORG Fri Jan 13 05:49:20 2012
Date: Fri, 13 Jan 2012 00:49:02 -0500
From: Jason Hellenthal
To: ports@freebsd.org
Subject: FW: p0f3 release candidate
Message-ID: <20120113054902.GA70332@DataIX.net>
List-Id: Porting software to FreeBSD

Ports maintainers and other ideals might be interested in the following. It purely needs more eyes at this point.

----- Forwarded message from Michal Zalewski -----

Date: Tue, 10 Jan 2012 01:23:08 -0800
From: Michal Zalewski
To: bugtraq, full-disclosure
Subject: [Full-disclosure] p0f3 release candidate

Hi folks,

I wanted to share the news of p0f v3, a complete rewrite and redesign of my passive fingerprinting tool.

== Synopsis ==

P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way.
Some of its capabilities include:

- Scalable and fast identification of the operating system and software on both endpoints of a vanilla TCP connection - especially in settings where NMap probes are blocked, too slow, unreliable, or would simply set off alarms.

- Measurement of system uptime and network hookup, distance (including topology behind NAT or packet filters), user language preferences, and so on.

- Automated detection of connection sharing / NAT, load balancing, and application-level proxying setups.

- Detection of dishonest clients / servers that forge declarative statements such as X-Mailer or User-Agent.

The tool can be operated in the foreground or as a daemon, and offers a simple real-time API for third-party components that wish to obtain additional information about the actors they are talking to.

Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse prevention tools; and miscellaneous forensics.

== What's new ==

Version 3 is a complete rewrite, bringing you much improved SYN and SYN+ACK fingerprinting capabilities, auto-calibrated uptime measurements, completely redone databases and signatures, new API design, IPv6 support (who knows, maybe it even works?), stateful traffic inspection with thorough cross-correlation of collected data, application-level fingerprinting modules (for HTTP now, more to come), and a lot more.

== Download / demo ==

Please visit: http://lcamtuf.coredump.cx/p0f3/

This is a "release candidate", and my hope is to get folks to contribute signatures and help squash bugs. If all goes according to plan, this should progress to a final release in a week or two. Some issues are expected, so please report problems off-the-list.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

----- End forwarded message -----

-- 
;s =;
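Added example, not part of the mail above and not p0f's own code: a minimal passive SYN fingerprinter in Python that illustrates three of the ideas the announcement lists (identification from a single SYN, hop-distance from the TTL, and uptime from the TCP timestamp clock). The signature table, its simplified format, the sample packets, the address/port values and the list of "common" timestamp clock rates are all constructed for illustration and are not p0f3's database, syntax or calibration logic.

```python
"""Passive TCP SYN fingerprinting in the spirit of p0f (added example, not p0f code).
From one raw IPv4/TCP SYN we pull the fields a passive fingerprinter keys on (initial-TTL
guess and hop distance, DF bit, window, MSS, window scale, option layout, timestamp), match
them against a tiny constructed signature table, and estimate uptime from two timestamps."""
import socket
import struct

# Constructed signature table in a simplified, hypothetical format (NOT the real
# p0f3 database or its syntax). "wsize" may be an int, "*" or "mss*N".
SIGNATURES = [
    {"label": "linux-like (constructed sig)", "ittl": 64, "wsize": "mss*20",
     "wscale": 7, "olayout": "mss,sok,ts,nop,ws"},
    {"label": "windows-like (constructed sig)", "ittl": 128, "wsize": 8192,
     "wscale": 8, "olayout": "mss,nop,ws,nop,nop,sok"},
]
COMMON_HZ = (1, 10, 100, 250, 1000)  # assumed typical TCP timestamp clock rates

def guess_initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial TTL."""
    return next(c for c in (32, 64, 128, 255) if ttl <= c)

def parse_tcp_options(data):
    """Walk the TCP option list, recording option order ("layout") and key values."""
    out = {"mss": None, "wscale": None, "tsval": None, "layout": []}
    i = 0
    while i < len(data):
        kind = data[i]
        if kind == 0:                                   # EOL: stop
            break
        if kind == 1:                                   # NOP padding
            out["layout"].append("nop")
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed TCP option")
        length, body = data[i + 1], data[i + 2:i + data[i + 1]]
        if kind == 2 and length == 4:
            out["mss"] = struct.unpack("!H", body)[0]
            out["layout"].append("mss")
        elif kind == 3 and length == 3:
            out["wscale"] = body[0]
            out["layout"].append("ws")
        elif kind == 4 and length == 2:
            out["layout"].append("sok")
        elif kind == 8 and length == 10:
            out["tsval"] = struct.unpack("!II", body)[0]
            out["layout"].append("ts")
        else:                                           # unknown option: keep the kind
            out["layout"].append("?%d" % kind)
        i += length
    return out

def parse_syn(pkt):
    """Extract passive fingerprint features from a raw IPv4 + TCP SYN (checksums ignored)."""
    vihl, _, _, _, frag, ttl, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or proto != 6:
        raise ValueError("not IPv4/TCP")
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    if off_flags & 0x12 != 0x02:                        # SYN set, ACK clear
        raise ValueError("not a bare SYN")
    opts = parse_tcp_options(tcp[20:(off_flags >> 12) * 4])
    ittl = guess_initial_ttl(ttl)
    return {"ittl": ittl, "hops": ittl - ttl, "df": bool(frag & 0x4000),
            "window": window, "mss": opts["mss"], "wscale": opts["wscale"],
            "tsval": opts["tsval"], "olayout": ",".join(opts["layout"])}

def match_signature(f, sigs=SIGNATURES):
    """Return the label of the first signature consistent with features f, else None."""
    for s in sigs:
        ws = s["wsize"]
        if isinstance(ws, str) and ws.startswith("mss*"):
            ws_ok = f["mss"] is not None and f["window"] == f["mss"] * int(ws[4:])
        else:
            ws_ok = ws == "*" or ws == f["window"]
        if ws_ok and (s["ittl"], s["wscale"], s["olayout"]) == (f["ittl"], f["wscale"], f["olayout"]):
            return s["label"]
    return None

def estimate_uptime(ts1, t1, ts2, t2):
    """Calibrate the peer's timestamp clock from two (tsval, wall-clock seconds) observations
    and derive uptime as tsval / hz. Returns (hz, uptime_seconds)."""
    if t2 <= t1 or ts2 <= ts1:
        raise ValueError("observations must be increasing")
    hz = min(COMMON_HZ, key=lambda h: abs(h - (ts2 - ts1) / (t2 - t1)))
    return hz, ts2 / hz

def build_syn(src, dst, ttl, window, options):
    """Construct a sample IPv4/TCP SYN for offline use (constructed input, DF set, zero checksums)."""
    opts = options + b"\x00" * (-len(options) % 4)
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, ((20 + len(opts)) // 4) << 12 | 0x02,
                      window, 0, 0) + opts
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, ttl, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + tcp

# Constructed sample SYNs: a Linux-like option order and a Windows-like one.
LINUX_SYN = build_syn("10.0.0.5", "10.0.0.1", 57, 29200, b"\x02\x04\x05\xb4\x04\x02\x08\x0a"
                      + struct.pack("!II", 100250, 0) + b"\x01\x03\x03\x07")
WINDOWS_SYN = build_syn("10.0.0.9", "10.0.0.1", 120, 8192,
                        b"\x02\x04\x05\xb4\x01\x03\x03\x08\x01\x01\x04\x02")
```

`parse_syn(LINUX_SYN)` yields an initial-TTL guess of 64 with 7 hops and the layout `mss,sok,ts,nop,ws`, which `match_signature` resolves to the constructed linux-like entry; the windows-like packet resolves the other way. Feeding real traffic means reading frames from libpcap and stripping the link layer first. The option order, not just the values, carries most of the signal, which is why the layout string is compared exactly. The uptime estimate only works when the peer's timestamp clock started at boot; kernels that randomize the timestamp offset per connection (Linux has done so since 4.10) make the derived uptime meaningless, so treat it as a hint rather than a fact.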