diff options
author | Steve Price <steve@FreeBSD.org> | 2000-07-10 03:51:01 +0000 |
---|---|---|
committer | Steve Price <steve@FreeBSD.org> | 2000-07-10 03:51:01 +0000 |
commit | 0a382d079da182d4a673590024ff181ba5ab7d5d (patch) | |
tree | 61c0da75a9a193c6b0ce857def183cf86fef8234 /net | |
parent | Adding gq version 0.2.3. (diff) |
Adding p0f version 1.7.
A passive OS fingerprinting tool.
PR: 19225
Submitted by: Trevor Johnson <trevor@jpj.net>
Notes
Notes:
svn path=/head/; revision=30418
Diffstat (limited to 'net')
-rw-r--r-- | net/p0f/Makefile | 33 | ||||
-rw-r--r-- | net/p0f/distinfo | 1 | ||||
-rw-r--r-- | net/p0f/files/patch-README | 78 | ||||
-rw-r--r-- | net/p0f/pkg-comment | 1 | ||||
-rw-r--r-- | net/p0f/pkg-descr | 24 | ||||
-rw-r--r-- | net/p0f/pkg-plist | 4 |
6 files changed, 141 insertions, 0 deletions
diff --git a/net/p0f/Makefile b/net/p0f/Makefile new file mode 100644 index 000000000000..797f990e4b19 --- /dev/null +++ b/net/p0f/Makefile @@ -0,0 +1,33 @@ +# New ports collection makefile for: p0f +# Date created: 2000-06-12 +# Whom: Trevor Johnson +# +# $FreeBSD$ +# + +PORTNAME= p0f +PORTVERSION= 1.7 +CATEGORIES= net +MASTER_SITES= http://lcamtuf.hack.pl/ +DISTNAME= ${PORTNAME} +EXTRACT_SUFX= .tgz + +MAINTAINER= trevor@jpj.net + +WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} + +post-patch: + @${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/p0f.c + @${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/README + +do-install: + @${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin + @${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/etc + +post-install: +.if !defined(NOPORTDOCS) + @${MKDIR} ${PREFIX}/share/doc/p0f + @${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f +.endif + +.include <bsd.port.mk> diff --git a/net/p0f/distinfo b/net/p0f/distinfo new file mode 100644 index 000000000000..198e93223d63 --- /dev/null +++ b/net/p0f/distinfo @@ -0,0 +1 @@ +MD5 (p0f.tgz) = 5d4242df39c6325683ee02f9e95f2801 diff --git a/net/p0f/files/patch-README b/net/p0f/files/patch-README new file mode 100644 index 000000000000..270fb4e42ac1 --- /dev/null +++ b/net/p0f/files/patch-README @@ -0,0 +1,78 @@ +--- README.orig Mon Jun 12 15:28:41 2000 ++++ README Mon Jun 12 21:15:54 2000 +@@ -27,30 +27,31 @@ + + Background: + +- * What is passive OS fingerprinting? ++ * What is passive OS fingerprinting? + +- Passive OS fingerprinting technique bases on information coming +- from remote host when it establishes connection to our system. Captured +- packets contains enough information to determine OS - and, unlike +- active scanners (nmap, queSO) - without sending anything to this host. ++ Passive OS fingerprinting is based on information coming from a remote host ++ when it establishes a connection to our system. Captured packets contain ++ enough information to identify the operating system. In contrast to active ++ scanners such as nmap and QueSO, p0f does not send anything to the host being ++ identified. + + If you're looking for more information, read Spitzner's text at: + http://www.enteract.com/~lspitz/finger.html + +- * How it works? ++ * How does it work? + + Well, there are some TCP/IP flag settings specific for given systems. + Usually initial TTL (8 bits), window size (16 bits), maximum segment size + (16 bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option +- (1 bit) and window scaling option (8 bits) combined together gives unique, ++ (1 bit) and window scaling option (8 bits) combined together give a unique, + 51-bit signature for every system. + +- * What are main advantages? ++ * What are the main advantages? + +- Passive OS fingerprinting can be done on huge portions of input data - eg. +- information gathered on firewall, proxy, routing device or Internet server, +- without causing any network activity. You can launch passive OS detection +- software on such machine and leave it for days, weeks or months, collecting ++ Passive OS fingerprinting can be done on huge amounts of input data - ++ gathered on a firewall, proxy, routing device or Internet server - without ++ causing any network activity. You can launch passive OS detection ++ software on such a machine and leave it for days or months, collecting + really interesting statistical and - *erm* - just interesting information. + What's really funny - packet filtering firewalls, network address + translation and so on are transparent to p0f-alike software, so you're able +@@ -62,7 +63,7 @@ + Limitations + + Proxy firewalls and other high-level proxy devices are not transparent to +- any tcp fingerprinting software. It applies to p0f, as well. ++ any TCP fingerprinting software. It applies to p0f, as well. + + In order to obtain information required for fingerprinting, you have to + receive at least one SYN packet initializing TCP connection to your +@@ -78,9 +79,9 @@ + window size are constant for initial TCP/IP packet, but changing rapidly + later). + +-Why our bubble gum is better? ++Why is our bubble gum better? + +- There is another passive OS detection utility, called 'siphon'. It's ++ There is another passive OS detection utility, called 'siphon'. It's a + pretty good piece of proof-of-concept software, but it isn't perfect. Well, + p0f isn't perfect for sure, but has several improvements: + +@@ -128,8 +129,8 @@ + + Files: + +- /etc/p0f.fp or ./p0f.fp - OS fingerprints database. Format is described +- inside: ++ /etc/p0f.fp or ./p0f.fp - OS fingerprints database. ++ The format is described inside: + + # Valid entry describes the way server starts TCP handshake (first SYN). + # Important options are: window size (wss), maximum segment size (mss), diff --git a/net/p0f/pkg-comment b/net/p0f/pkg-comment new file mode 100644 index 000000000000..acf5b5aa214d --- /dev/null +++ b/net/p0f/pkg-comment @@ -0,0 +1 @@ +Passive OS fingerprinting tool diff --git a/net/p0f/pkg-descr b/net/p0f/pkg-descr new file mode 100644 index 000000000000..a48562804ca6 --- /dev/null +++ b/net/p0f/pkg-descr @@ -0,0 +1,24 @@ +from the README: + +Passive OS fingerprinting is based on information coming from a remote host +when it establishes a connection to our system. Captured packets contain +enough information to identify the operating system. In contrast to active +scanners such as nmap and QueSO, p0f does not send anything to the host being +identified. + +For more information, read Spitzner's text at: +http://www.enteract.com/~lspitz/finger.html . + +from the maintainer: + +Use of this program requires read access to the packet filtering +device, typically /dev/bpf0. Granting such access allows the users +who have it to put your Ethernet device into promiscuous mode and +sniff your network. See +http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.xml +if you do not understand how this can be harmful. Running p0f with +no options will cause it to analyse packets intended for other +hosts. + +Trevor Johnson +trevor@jpj.net diff --git a/net/p0f/pkg-plist b/net/p0f/pkg-plist new file mode 100644 index 000000000000..ac2c86b8a336 --- /dev/null +++ b/net/p0f/pkg-plist @@ -0,0 +1,4 @@ +bin/p0f +etc/p0f.fp +share/doc/p0f/README +@dirrm share/doc/p0f |