author Steve Price <steve@FreeBSD.org> 2000-07-10 03:51:01 +0000
committer Steve Price <steve@FreeBSD.org> 2000-07-10 03:51:01 +0000
commit 0a382d079da182d4a673590024ff181ba5ab7d5d
tree 61c0da75a9a193c6b0ce857def183cf86fef8234 /net
parent Adding gq version 0.2.3.
Adding p0f version 1.7.
A passive OS fingerprinting tool.

PR: 19225
Submitted by: Trevor Johnson <trevor@jpj.net>
Notes: svn path=/head/; revision=30418
Diffstat (limited to 'net')
-rw-r--r-- net/p0f/Makefile 33
-rw-r--r-- net/p0f/distinfo 1
-rw-r--r-- net/p0f/files/patch-README 78
-rw-r--r-- net/p0f/pkg-comment 1
-rw-r--r-- net/p0f/pkg-descr 24
-rw-r--r-- net/p0f/pkg-plist 4
6 files changed, 141 insertions, 0 deletions
diff --git a/net/p0f/Makefile b/net/p0f/Makefile
new file mode 100644
index 000000000000..797f990e4b19
--- /dev/null
+++ b/net/p0f/Makefile
@@ -0,0 +1,33 @@
+# New ports collection makefile for: p0f
+# Date created: 2000-06-12
+# Whom: Trevor Johnson
+#
+# $FreeBSD$
+#
+
+PORTNAME= p0f
+PORTVERSION= 1.7
+CATEGORIES= net
+MASTER_SITES= http://lcamtuf.hack.pl/
+DISTNAME= ${PORTNAME}
+EXTRACT_SUFX= .tgz
+
+MAINTAINER= trevor@jpj.net
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+
+post-patch:
+ @${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/p0f.c
+ @${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/README
+
+do-install:
+ @${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
+ @${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/etc
+
+post-install:
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${PREFIX}/share/doc/p0f
+ @${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f
+.endif
+
+.include <bsd.port.mk>
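Review bot: the two post-patch substitutions, "s=/etc=${PREFIX}/etc=g" on p0f.c and on README, match every occurrence of the string /etc rather than only the fingerprint database path. Any other path containing /etc in either file is rewritten as well, and the expression is not idempotent, because its own output still contains /etc. Anchoring the pattern to the full path, for example "s=/etc/p0f.fp=${PREFIX}/etc/p0f.fp=g", limits the edit to the one file name the port relocates.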
diff --git a/net/p0f/distinfo b/net/p0f/distinfo
new file mode 100644
index 000000000000..198e93223d63
--- /dev/null
+++ b/net/p0f/distinfo
@@ -0,0 +1 @@
+MD5 (p0f.tgz) = 5d4242df39c6325683ee02f9e95f2801
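Review bot: the single MD5 line is the only integrity check on p0f.tgz, and that file name carries no version (DISTNAME is ${PORTNAME}, fetched from an http:// MASTER_SITES entry). An upstream re-roll under the same name shows up only as a checksum mismatch, with nothing to say which release the recorded digest belonged to. Consider recording a stronger digest alongside MD5 where the ports framework supports one, and keeping a copy of the distfile under a versioned name.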
diff --git a/net/p0f/files/patch-README b/net/p0f/files/patch-README
new file mode 100644
index 000000000000..270fb4e42ac1
--- /dev/null
+++ b/net/p0f/files/patch-README
@@ -0,0 +1,78 @@
+--- README.orig Mon Jun 12 15:28:41 2000
++++ README Mon Jun 12 21:15:54 2000
+@@ -27,30 +27,31 @@
+
+ Background:
+
+- * What is passive OS fingerprinting?
++ * What is passive OS fingerprinting?
+
+- Passive OS fingerprinting technique bases on information coming
+- from remote host when it establishes connection to our system. Captured
+- packets contains enough information to determine OS - and, unlike
+- active scanners (nmap, queSO) - without sending anything to this host.
++ Passive OS fingerprinting is based on information coming from a remote host
++ when it establishes a connection to our system. Captured packets contain
++ enough information to identify the operating system. In contrast to active
++ scanners such as nmap and QueSO, p0f does not send anything to the host being
++ identified.
+
+ If you're looking for more information, read Spitzner's text at:
+ http://www.enteract.com/~lspitz/finger.html
+
+- * How it works?
++ * How does it work?
+
+ Well, there are some TCP/IP flag settings specific for given systems.
+ Usually initial TTL (8 bits), window size (16 bits), maximum segment size
+ (16 bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option
+- (1 bit) and window scaling option (8 bits) combined together gives unique,
++ (1 bit) and window scaling option (8 bits) combined together give a unique,
+ 51-bit signature for every system.
+
+- * What are main advantages?
++ * What are the main advantages?
+
+- Passive OS fingerprinting can be done on huge portions of input data - eg.
+- information gathered on firewall, proxy, routing device or Internet server,
+- without causing any network activity. You can launch passive OS detection
+- software on such machine and leave it for days, weeks or months, collecting
++ Passive OS fingerprinting can be done on huge amounts of input data -
++ gathered on a firewall, proxy, routing device or Internet server - without
++ causing any network activity. You can launch passive OS detection
++ software on such a machine and leave it for days or months, collecting
+ really interesting statistical and - *erm* - just interesting information.
+ What's really funny - packet filtering firewalls, network address
+ translation and so on are transparent to p0f-alike software, so you're able
+@@ -62,7 +63,7 @@
+ Limitations
+
+ Proxy firewalls and other high-level proxy devices are not transparent to
+- any tcp fingerprinting software. It applies to p0f, as well.
++ any TCP fingerprinting software. It applies to p0f, as well.
+
+ In order to obtain information required for fingerprinting, you have to
+ receive at least one SYN packet initializing TCP connection to your
+@@ -78,9 +79,9 @@
+ window size are constant for initial TCP/IP packet, but changing rapidly
+ later).
+
+-Why our bubble gum is better?
++Why is our bubble gum better?
+
+- There is another passive OS detection utility, called 'siphon'. It's
++ There is another passive OS detection utility, called 'siphon'. It's a
+ pretty good piece of proof-of-concept software, but it isn't perfect. Well,
+ p0f isn't perfect for sure, but has several improvements:
+
+@@ -128,8 +129,8 @@
+
+ Files:
+
+- /etc/p0f.fp or ./p0f.fp - OS fingerprints database. Format is described
+- inside:
++ /etc/p0f.fp or ./p0f.fp - OS fingerprints database.
++ The format is described inside:
+
+ # Valid entry describes the way server starts TCP handshake (first SYN).
+ # Important options are: window size (wss), maximum segment size (mss),
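Review bot: files/patch-README carries no functional change and will need rebasing whenever upstream edits the README, since all four inner hunks only reword the text (for example "How it works?" to "How does it work?"). Sending the corrections upstream would let the port drop this file. Two details in the inner hunk at -27,30: the first changed pair ("What is passive OS fingerprinting?") reads the same on both sides, so it appears to be a whitespace-only change, and "days, weeks or months" becomes "days or months", which alters the content rather than the grammar.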
diff --git a/net/p0f/pkg-comment b/net/p0f/pkg-comment
new file mode 100644
index 000000000000..acf5b5aa214d
--- /dev/null
+++ b/net/p0f/pkg-comment
@@ -0,0 +1 @@
+Passive OS fingerprinting tool
diff --git a/net/p0f/pkg-descr b/net/p0f/pkg-descr
new file mode 100644
index 000000000000..a48562804ca6
--- /dev/null
+++ b/net/p0f/pkg-descr
@@ -0,0 +1,24 @@
+from the README:
+
+Passive OS fingerprinting is based on information coming from a remote host
+when it establishes a connection to our system. Captured packets contain
+enough information to identify the operating system. In contrast to active
+scanners such as nmap and QueSO, p0f does not send anything to the host being
+identified.
+
+For more information, read Spitzner's text at:
+http://www.enteract.com/~lspitz/finger.html .
+
+from the maintainer:
+
+Use of this program requires read access to the packet filtering
+device, typically /dev/bpf0. Granting such access allows the users
+who have it to put your Ethernet device into promiscuous mode and
+sniff your network. See
+http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.xml
+if you do not understand how this can be harmful. Running p0f with
+no options will cause it to analyse packets intended for other
+hosts.
+
+Trevor Johnson
+trevor@jpj.net
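Review bot: the maintainer paragraph warns that running p0f with no options analyses packets intended for other hosts, but it does not name the option that restricts capture or say how to grant /dev/bpf0 access narrowly. Naming that option, and recommending that read access to the bpf device go to a dedicated group rather than to all users, would make the warning actionable. The explanation of the harm also rests entirely on an external infoworld.com URL; one sentence stating the risk in the text itself would survive the link going away.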
diff --git a/net/p0f/pkg-plist b/net/p0f/pkg-plist
new file mode 100644
index 000000000000..ac2c86b8a336
--- /dev/null
+++ b/net/p0f/pkg-plist
@@ -0,0 +1,4 @@
+bin/p0f
+etc/p0f.fp
+share/doc/p0f/README
+@dirrm share/doc/p0f
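Review bot: etc/p0f.fp is listed as an ordinary packaged file, so deinstalling removes it and reinstalling overwrites it (do-install copies p0f.fp straight into ${PREFIX}/etc), discarding any fingerprints the administrator has added. Installing the database under a sample name and copying it to etc/p0f.fp only when that file is absent would preserve local edits. share/doc/p0f/README and the @dirrm line are also listed unconditionally, although the Makefile installs the documentation only when NOPORTDOCS is not defined.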