Commit graph

31 commits

Author SHA1 Message Date
adrianp
28506079ec Update to 2.0.8
Patches from Matthias Drochner (thanks !)

Version 2.0.8:
-------------
More fingerprints, signature cleanup.
p0fping.c and diagnostic queries added.
Socket ownership fix when dropping privs.
Some -O signatures.

Version 2.0.7:
--------------
Added -0 mode for port 0 wildcards in queries.
Added -e option to make p0f work on some boxes.
HDLC support added.
New fingerprints, including Windows Vista betas.
[BUG] Fixed timezone in logs after chroot().
[BUG] Unlikely command-line overflow with VLANs fixed.

Version 2.0.6:
--------------
[BUG] Fixed pcap naming madness.
Support for Cygwin.
More signatures. Plenty of -A sigs from Ryan Kruse.
[BUG] Fix to a command-line parsing snafu with sprintf; shame on me ;-)
Timestamps in masquerade detection.
Write PID to /var/run/p0f.pid
2007-03-05 20:31:51 +00:00
rillig
2829e658f2 Mechanically replaced man/* with ${PKGMANDIR}/* in the definition of
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.

Fixes PR 35265, although I did not use the patch provided therein.
2007-01-07 09:13:46 +00:00
joerg
7f2cbfbcc3 Move docs under share/doc/p0f, fix INSTALLATION_DIRS, bump revision. 2006-06-01 23:14:34 +00:00
rillig
9fc2d7d281 Removed the superfluous "quotes" and 'quotes' from variables that don't
need them, for example RESTRICTED and SUBST_MESSAGE.*.
2006-04-22 09:22:05 +00:00
jlam
dc9594e09d Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
2005-12-29 06:21:30 +00:00
joerg
acc26f4f54 Use NetBSD rules for DragonFly as well. Don't include both, net/bpf.h
and pcap.h, on DragonFly.
2005-12-08 19:14:47 +00:00
rillig
b71a1d488b Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-12-05 20:49:47 +00:00
jlam
e46a9dd380 Create directories before installing files into them. 2005-06-17 03:50:19 +00:00
rillig
f795c2e475 Removed trailing white-space. 2005-05-23 08:26:03 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
agc
d81d19f8e0 Add RMD160 digests. 2005-02-24 12:51:41 +00:00
adrianp
c201f7801a - Update to 2.0.5
- ok'ed wiz@, snj@
- Grab maintainership
- Remove DIST_SUBDIR directive

Version 2.0.5:
--------------
  [BUG] OpenBSD compile fix.
  Support for 802.1Q.
  New signatures.
  Speel-chceked teh docuhmentation!
  Absolutely experimental support for open connection fingerprinting (-O).
  Synced manpage and documentation.
  Added several -O signatures.
2004-09-22 09:44:57 +00:00
adrianp
9842074d8a - Update to 2.0.4
- Replace SED with SUBST.*
- Improve DESCR
- ok'ed snj@/wiz@

From the Changelog:

Version 2.0.4:
--------------
More signatures.
Improved documentation, mentions of p0f_db, etc.
[BUG] Fixed a minor problem with installation on systems w/o /usr/man/.
[BUG] Fixed a DLT_NULL problem, added a new loopback signature.
Multiple timestamp options, timestamps now read from pcap dumps.
Sync with new Windows port code.
[BUG] Fixed one-line reporting for masquerade detection.
2004-08-14 10:09:15 +00:00
sketch
e479febb73 Append to CFLAGS on SunOS to avoid recursion. Fixes pkg/23475. 2004-08-06 16:51:39 +00:00
snj
6db109f1f6 Convert to buildlink3. 2004-04-25 03:36:51 +00:00
agc
3ad1bdbf06 Move WRKSRC definition away from the first paragraph in a Makefile. 2004-01-20 12:18:15 +00:00
recht
fcbd595dc6 update to version 2.0.3
changes/fixes include:
  Improved -F.

  Masquerade detection code now checks for time going backwards in
  timestamps.

  Added uptime in query data and p0fq.c.

  Added -F fuzzy TTL matching option.

  More signatures.

  [BUG] Missing ENDIAN define on SunOS? Added to Makefile. It now
  defaults to big endian, perhaps worth auto-detecting in case of
  Solaris on x86 or such.

  -r now also resolves the target host.

  Added -X option, sendsyn added. Better Makefile and p0f*.fp documentation.
  Automatic wildcard for WSS of 12345 and size exceeding PACKET_BIG.

  Sheesh, more cleanup in p0fr.fp explanations and p0f.c RST recognition
  code.

  Added wildcard for packet size; massive ACK probing to diagnose the
  payload quoting issue. Many new RST fingerprints for network
  devices.

  Updated some tos.h signatures.

see doc/ChangeLog for a complete list
2003-11-03 11:45:28 +00:00
recht
2e54ee29df 1) Solaris (and others) require libpcap from pkgsrc. Use buildlink2
2) Fix the SunOS makefile, which isn't complete.  Tidy up while here.
3) Re-order COMMENT/HOMEPAGE to appease pkglint.

provided by Jonathan Perkin in PR 22916.
2003-10-05 18:13:00 +00:00
itojun
ee7b218482 dig DIST_SUBDIR so that we can build newer version without removing
pkgsrc/distrib/p0f.tgz manually
2003-10-01 23:43:16 +00:00
recht
64f360938e Update to 2.0.2
patch provided in PR 22939 by Adrian Portelli

Version 2.0.2:
--------------
Cleanup of the RST mess in p0fr.fp and p0f.c parser.

Added isprint() text preview for -x mode.

[BUG] Fixed packet size reporting and matching for packets over 255 bytes
(_u8 -> _u16).

Extended RST+ACK to also cover plain RST, added some sane explanations
of the purpose of each mode. Clarification of the RST vs RST+ACK
occurrences; test/sendack.c added.

Added -R option for RST+ACK fingerprinting. Created an empty database.
Moved databases from /etc to /etc/p0f/

Windows memory leak mystery solved.

No longer using pcap timeouts for anything. They suck. I first wanted
to use SIGALRM with no SA_RESTART, but it's broken on Linux on this
particular syscall. Fortunately, I spotted a mis-documented pcap_fileno
and can now use select(). I just hope it won't break.

Note to self: despite the documentation saying pcap_open_live with
timeout 0 will simply never timeout (which is irrelevant for
pcap_loop anyway), it does not work on FreeBSD, inhibiting all packet
processing instead. Works fine on Linux. Go figure.

Some minor p0fq fixes to prevent warnings.

Added some SYN+ACK signatures from rfp (p0fa.fp). Hooray!
p0fa.fp is now official. Moved from test/ to ., etc. README updated.

[BUG] Fixed the default TTL for IRIX and Tru64 (60), added a note to
p0f.fp, fixed TTL checker to also support %30 values.

[BUG] Fixed query mode lookup. The old code didn't handle reverse
lookups properly.

Masquerade scoring data is now available via the query interface.
P0fq utility updated to handle this.

Dropped /bin/bash from p0frep, /bin/sh would suffice.

Added a new -c option for -M and -Q cache size scaling, packet ratio
information on Ctrl-C to help estimate the right parameter.

Extra masquerade detection flags: -T for threshold, -V for detailed
flag breakdown; masquerade reporting now recognizes -r.

The new -w option writes all matching packets to a pcap file (regardless
of -K and -U settings).

Added -M option (unix only until p0f-query.c gets ported). This option
enables advanced masquerade detection based on the cyclic buffer
used by -Q. Added - signature flag to the config file. Some
documentation for the new functionality.

[BUG] Cleaned up the -K and -U semantics with -Q.

Replaced some single-character printfs with putchars in signature
reporting code (should be a tad faster). Added signature check
reporting, generic signature count and some other minor tweaks.

The new -x option provides a hexadecimal TCP/IP packet dump. Useful
when comparing two colliding fingerprints to find some differences
not covered by the current quirks set.

PPPoE interface is now handled correctly on NetBSD.

Added a shoddy manpage and updated makefiles.

Removed E quirk and added E to the regular options; removed needless EOL
append code from the parser. Breaks the old signature format in some
rare cases, but the old quirk is still recognized, and the user will be
advised to change it.

[BUG] Fixed ? option parsing bug that prevented RISC OS signature from
working (and would prevent all ? signatures from working, should there
be any other ;-).

New signatures and other database additions, of course.

[BUG] Fixed a very minor parser bug that could cause it to loop over
an unknown option with a declared length of zero. This is not a DoS
condition, because the parser would quit the loop after parsing max. 16
options anyway.
2003-10-01 23:13:13 +00:00
itojun
b26a601c07 upgrade to 2.0.1.
from webpage:

>v2 is a significantly more accurate, precise and faster brother of the original
>proof-of-concept tool I released in 2000. P0f v1 is largely obsolete...
2003-09-06 04:56:28 +00:00
martti
8cee801716 COMMENT should start with a capital letter. 2003-07-21 17:10:16 +00:00
zuntum
551b7c1425 Update p0f to version 1.8.3
Changelog:

1.8.3 (Feb 6, 2003)
       - Lots of new signatures
       - URL's for papers and sites with information on fingerprinting.
       - Information on the windows/Cygwin port.  .exe for 1.8.3 will
         show up soon.


1.8.2.2 (May 13, 2002)
       - Rechecked version numbers. (Bill)
       - Mysql cleanup and integration
       - Mysql quickstart (Marion)


1.8.2.1 (May 12, 2002)
       - Mysql Support Added (Evrim ULU <evrim@core.gen.tr>)
       - FPS Buffer Length increased from 120 to 150 (Evrim)
       - p0f-mysql.conf config file added for mysql connectivity (Evrim)
       - parser for p0f.fp was corrected. It was including
         wwww:ttt: ... line in the comments. (Evrim)
       - mysql/db.sql file is included for creation of db tables (Evrim)
       - Makefile.mysql is added - no gnu autoconf support yet. (Evrim)
       - New RedHat 7.0 Beta Fischer FP added. (Evrim)
       - Max fingerprints raised to 5000 for the moresigs project. (Bill)
2003-07-12 01:10:59 +00:00
jmmv
9c8a584f4e Make this package honor PKG_SYSCONFDIR. Bump PKGREVISION. 2003-02-02 21:32:11 +00:00
wiz
7d417cd068 Remove (hi hubert!) 2003-01-25 13:59:05 +00:00
hubertf
6ac99e5ad9 Update p0f to 1.8.2. Changes:
1. Developer changed s/Michał Zalewski/William Stearns/
        2. A lot of new finger prints.
        3. GPL -> LGPL license change
        Full list (not so big) in ChangeLog

Patch contributed by Dawid Szymański in PR 19896.
2003-01-17 23:15:23 +00:00
zuntum
c72c1cf5f9 Move pkg/ files into package's toplevel directory 2001-11-01 00:57:41 +00:00
agc
a35e3d707c Move to sha1 digests, add distfile sizes. 2001-04-19 15:40:29 +00:00
agc
2d6b6a009c + move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-04-17 11:43:32 +00:00
hubertf
a865c28a17 Add p0f-1.7: passive OS fingerprinting tool
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system. Captured
packets contain enough information to determine OS - and, unlike
active scanners (nmap, queSO) - without sending anything to this host.

Submitted by in private mail.
2001-03-26 11:59:15 +00:00
zuntum
815af9e0a8 Initial import of p0f-1.7
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system. Captured
packets contain enough information to determine OS - and, unlike
active scanners (nmap, queSO) - without sending anything to this host.

Package contributed by Dawid Szymanski <daws@irc.pl> on IRC.
2001-03-26 05:12:56 +00:00