Patches from Matthias Drochner (thanks!)
Version 2.0.8:
-------------
More fingerprints, signature cleanup.
p0fping.c and diagnostic queries added.
Socket ownership fix when dropping privs.
Some -O signatures.
Version 2.0.7:
--------------
Added -0 mode for port 0 wildcards in queries.
Added -e option to make p0f work on some boxes.
HDLC support added.
New fingerprints, including Windows Vista betas.
[BUG] Fixed timezone in logs after chroot().
[BUG] Unlikely command-line overflow with VLANs fixed.
Version 2.0.6:
--------------
[BUG] Fixed pcap naming madness.
Support for Cygwin.
More signatures. Plenty of -A sigs from Ryan Kruse.
[BUG] Fix to a command-line parsing snafu with sprintf; shame on me ;-)
Timestamps in masquerade detection.
Write PID to /var/run/p0f.pid
- Replace SED with SUBST.*
- Improve DESCR
- ok'ed snj@/wiz@
From the Changelog:
Version 2.0.4:
--------------
More signatures.
Improved documentation, mentions of p0f_db, etc.
[BUG] Fixed a minor problem with installation on systems w/o /usr/man/.
[BUG] Fixed a DLT_NULL problem, added a new loopback signature.
Multiple timestamp options, timestamps now read from pcap dumps.
Sync with new Windows port code.
[BUG] Fixed one-line reporting for masquerade detection.
changes/fixes include:
Improved -F.
Masquerade detection code now checks for time going backwards in
timestamps.
Added uptime in query data and p0fq.c.
Added -F fuzzy TTL matching option.
More signatures.
[BUG] Missing ENDIAN define on SunOS? Added to Makefile. It now
defaults to big endian, perhaps worth auto-detecting in case of
Solaris on x86 or such.
-r now also resolves the target host.
Added -X option, sendsyn added. Better Makefile and p0f*.fp documentation.
Automatic wildcard for WSS of 12345 and size exceeding PACKET_BIG.
Sheesh, more cleanup in p0fr.fp explanations and p0f.c RST recognition
code.
Added wildcard for packet size; massive ACK probing to diagnose the
payload quoting issue. Many new RST fingerprints for network
devices.
Updated some tos.h signatures.
see doc/ChangeLog for a complete list
from webpage:
>v2 is a significantly more accurate, precise and faster brother of the original
>proof-of-concept tool I released in 2000. P0f v1 is largely obsolete...
Changelog:
1.8.3 (Feb 6, 2003)
- Lots of new signatures
- URLs for papers and sites with information on fingerprinting.
- Information on the windows/Cygwin port. .exe for 1.8.3 will
show up soon.
1.8.2.2 (May 13, 2002)
- Rechecked version numbers. (Bill)
- Mysql cleanup and integration
- Mysql quickstart (Marion)
1.8.2.1 (May 12, 2002)
- Mysql Support Added (Evrim ULU <evrim@core.gen.tr>)
- FPS Buffer Length increased from 120 to 150 (Evrim)
- p0f-mysql.conf config file added for mysql connectivity (Evrim)
- parser for p0f.fp was corrected. It was including
wwww:ttt: ... line in the comments. (Evrim)
- mysql/db.sql file is included for creation of db tables (Evrim)
- Makefile.mysql is added - no gnu autoconf support yet. (Evrim)
- New RedHat 7.0 Beta Fischer FP added. (Evrim)
- Max fingerprints raised to 5000 for the moresigs project. (Bill)
1. Developer changed s/Michał Zalewski/William Stearns/
2. A lot of new fingerprints.
3. GPL -> LGPL license change
Full list (not so big) in ChangeLog
Patch contributed by Dawid Szymański in PR 19896.
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system. Captured
packets contain enough information to determine OS - and, unlike
active scanners (nmap, queSO) - without sending anything to this host.
Package contributed by Dawid Szymanski <daws@irc.pl> on IRC.