mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00

Adding p0f version 1.7.

A passive OS fingerprinting tool.

PR:		19225
Submitted by:	Trevor Johnson <trevor@jpj.net>
Steve Price 2000-07-10 03:51:01 +00:00
parent 0ca0371584
commit 0a382d079d
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=30418
12 changed files with 282 additions and 0 deletions

net-mgmt/p0f/Makefile (new file, 33 lines)

@ -0,0 +1,33 @@
# New ports collection makefile for: p0f
# Date created: 2000-06-12
# Whom: Trevor Johnson
#
# $FreeBSD$
#
PORTNAME= p0f
PORTVERSION= 1.7
CATEGORIES= net
MASTER_SITES= http://lcamtuf.hack.pl/
DISTNAME= ${PORTNAME}
EXTRACT_SUFX= .tgz
MAINTAINER= trevor@jpj.net
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
post-patch:
@${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/p0f.c
@${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/README
do-install:
@${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
@${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/etc
post-install:
.if !defined(NOPORTDOCS)
@${MKDIR} ${PREFIX}/share/doc/p0f
@${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f
.endif
.include <bsd.port.mk>
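
Review bot: `CATEGORIES= net` does not match the directory this Makefile is added under (net-mgmt/p0f), and the same commit adds an identical Makefile at net/p0f. Keep the port in one directory; if both categories are wanted, list them on the one line with the directory's category first, e.g. `CATEGORIES= net-mgmt net`.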

net-mgmt/p0f/distinfo (new file, 1 line)

@ -0,0 +1 @@
MD5 (p0f.tgz) = 5d4242df39c6325683ee02f9e95f2801
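
Review bot: the checksum is recorded against `p0f.tgz`, a name with no version in it (the Makefile sets `DISTNAME= ${PORTNAME}`), so a later upstream release published under the same name collides with the cached 1.7 tarball and can only be told apart by this sum. Setting `DIST_SUBDIR= ${PORTNAME}-${PORTVERSION}` would keep releases apart in the distfiles directory. Because MASTER_SITES is plain http, this MD5 line is also the only check on what gets built, so it should be taken from a copy of the tarball obtained independently of the fetch that produced it.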


@ -0,0 +1,78 @@
--- README.orig Mon Jun 12 15:28:41 2000
+++ README Mon Jun 12 21:15:54 2000
@@ -27,30 +27,31 @@
Background:
- * What is passive OS fingerprinting?
+ * What is passive OS fingerprinting?
- Passive OS fingerprinting technique bases on information coming
- from remote host when it establishes connection to our system. Captured
- packets contains enough information to determine OS - and, unlike
- active scanners (nmap, queSO) - without sending anything to this host.
+ Passive OS fingerprinting is based on information coming from a remote host
+ when it establishes a connection to our system. Captured packets contain
+ enough information to identify the operating system. In contrast to active
+ scanners such as nmap and QueSO, p0f does not send anything to the host being
+ identified.
If you're looking for more information, read Spitzner's text at:
http://www.enteract.com/~lspitz/finger.html
- * How it works?
+ * How does it work?
Well, there are some TCP/IP flag settings specific for given systems.
Usually initial TTL (8 bits), window size (16 bits), maximum segment size
(16 bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option
- (1 bit) and window scaling option (8 bits) combined together gives unique,
+ (1 bit) and window scaling option (8 bits) combined together give a unique,
51-bit signature for every system.
- * What are main advantages?
+ * What are the main advantages?
- Passive OS fingerprinting can be done on huge portions of input data - eg.
- information gathered on firewall, proxy, routing device or Internet server,
- without causing any network activity. You can launch passive OS detection
- software on such machine and leave it for days, weeks or months, collecting
+ Passive OS fingerprinting can be done on huge amounts of input data -
+ gathered on a firewall, proxy, routing device or Internet server - without
+ causing any network activity. You can launch passive OS detection
+ software on such a machine and leave it for days or months, collecting
really interesting statistical and - *erm* - just interesting information.
What's really funny - packet filtering firewalls, network address
translation and so on are transparent to p0f-alike software, so you're able
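
Review bot: the first -/+ pair in this hunk ("* What is passive OS fingerprinting?") differs only in whitespace, and the rewritten "main advantages" paragraph changes content as well as grammar: "days, weeks or months" becomes "days or months". Drop the whitespace-only pair and keep "weeks", so the installed README differs from upstream's only where the wording was actually corrected.
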
@@ -62,7 +63,7 @@
Limitations
Proxy firewalls and other high-level proxy devices are not transparent to
- any tcp fingerprinting software. It applies to p0f, as well.
+ any TCP fingerprinting software. It applies to p0f, as well.
In order to obtain information required for fingerprinting, you have to
receive at least one SYN packet initializing TCP connection to your
@@ -78,9 +79,9 @@
window size are constant for initial TCP/IP packet, but changing rapidly
later).
-Why our bubble gum is better?
+Why is our bubble gum better?
- There is another passive OS detection utility, called 'siphon'. It's
+ There is another passive OS detection utility, called 'siphon'. It's a
pretty good piece of proof-of-concept software, but it isn't perfect. Well,
p0f isn't perfect for sure, but has several improvements:
@@ -128,8 +129,8 @@
Files:
- /etc/p0f.fp or ./p0f.fp - OS fingerprints database. Format is described
- inside:
+ /etc/p0f.fp or ./p0f.fp - OS fingerprints database.
+ The format is described inside:
# Valid entry describes the way server starts TCP handshake (first SYN).
# Important options are: window size (wss), maximum segment size (mss),

net-mgmt/p0f/pkg-comment (new file, 1 line)

@ -0,0 +1 @@
Passive OS fingerprinting tool

net-mgmt/p0f/pkg-descr (new file, 24 lines)

@ -0,0 +1,24 @@
from the README:
Passive OS fingerprinting is based on information coming from a remote host
when it establishes a connection to our system. Captured packets contain
enough information to identify the operating system. In contrast to active
scanners such as nmap and QueSO, p0f does not send anything to the host being
identified.
For more information, read Spitzner's text at:
http://www.enteract.com/~lspitz/finger.html .
from the maintainer:
Use of this program requires read access to the packet filtering
device, typically /dev/bpf0. Granting such access allows the users
who have it to put your Ethernet device into promiscuous mode and
sniff your network. See
http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.xml
if you do not understand how this can be harmful. Running p0f with
no options will cause it to analyse packets intended for other
hosts.
Trevor Johnson
trevor@jpj.net
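
Review bot: the maintainer paragraph warns that read access to /dev/bpf0 lets its holders sniff the network and that p0f "with no options" analyses packets intended for other hosts, but it stops at the warning. Say which option or filter confines p0f to traffic addressed to the local host, and who should hold read access to the bpf device, instead of sending the reader to an external article for the reasoning.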

net-mgmt/p0f/pkg-plist (new file, 4 lines)

@ -0,0 +1,4 @@
bin/p0f
etc/p0f.fp
share/doc/p0f/README
@dirrm share/doc/p0f
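
Review bot: `etc/p0f.fp` is listed as an ordinary file, so deinstalling removes the fingerprint database even when the administrator has added signatures to it, and do-install in the Makefile overwrites it on reinstall. Install the shipped copy under a second name (for example `etc/p0f.fp.sample`, a suggested name) and create `etc/p0f.fp` from it only when no such file exists.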

net/p0f/Makefile (new file, 33 lines)

@ -0,0 +1,33 @@
# New ports collection makefile for: p0f
# Date created: 2000-06-12
# Whom: Trevor Johnson
#
# $FreeBSD$
#
PORTNAME= p0f
PORTVERSION= 1.7
CATEGORIES= net
MASTER_SITES= http://lcamtuf.hack.pl/
DISTNAME= ${PORTNAME}
EXTRACT_SUFX= .tgz
MAINTAINER= trevor@jpj.net
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
post-patch:
@${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/p0f.c
@${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/README
do-install:
@${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
@${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/etc
post-install:
.if !defined(NOPORTDOCS)
@${MKDIR} ${PREFIX}/share/doc/p0f
@${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f
.endif
.include <bsd.port.mk>
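
Review bot: the post-patch substitution `s=/etc=${PREFIX}/etc=g` matches every occurrence of `/etc` in p0f.c and README, not only the fingerprint database path, and it is not idempotent: run over its own output it turns `${PREFIX}/etc` into `${PREFIX}${PREFIX}/etc`. Match the full path instead, e.g. `s=/etc/p0f\.fp=${PREFIX}/etc/p0f.fp=g`, so that any other `/etc` reference in the source is left alone and the effect of the rewrite can be seen from the Makefile.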

net/p0f/distinfo (new file, 1 line)

@ -0,0 +1 @@
MD5 (p0f.tgz) = 5d4242df39c6325683ee02f9e95f2801


@ -0,0 +1,78 @@
--- README.orig Mon Jun 12 15:28:41 2000
+++ README Mon Jun 12 21:15:54 2000
@@ -27,30 +27,31 @@
Background:
- * What is passive OS fingerprinting?
+ * What is passive OS fingerprinting?
- Passive OS fingerprinting technique bases on information coming
- from remote host when it establishes connection to our system. Captured
- packets contains enough information to determine OS - and, unlike
- active scanners (nmap, queSO) - without sending anything to this host.
+ Passive OS fingerprinting is based on information coming from a remote host
+ when it establishes a connection to our system. Captured packets contain
+ enough information to identify the operating system. In contrast to active
+ scanners such as nmap and QueSO, p0f does not send anything to the host being
+ identified.
If you're looking for more information, read Spitzner's text at:
http://www.enteract.com/~lspitz/finger.html
- * How it works?
+ * How does it work?
Well, there are some TCP/IP flag settings specific for given systems.
Usually initial TTL (8 bits), window size (16 bits), maximum segment size
(16 bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option
- (1 bit) and window scaling option (8 bits) combined together gives unique,
+ (1 bit) and window scaling option (8 bits) combined together give a unique,
51-bit signature for every system.
- * What are main advantages?
+ * What are the main advantages?
- Passive OS fingerprinting can be done on huge portions of input data - eg.
- information gathered on firewall, proxy, routing device or Internet server,
- without causing any network activity. You can launch passive OS detection
- software on such machine and leave it for days, weeks or months, collecting
+ Passive OS fingerprinting can be done on huge amounts of input data -
+ gathered on a firewall, proxy, routing device or Internet server - without
+ causing any network activity. You can launch passive OS detection
+ software on such a machine and leave it for days or months, collecting
really interesting statistical and - *erm* - just interesting information.
What's really funny - packet filtering firewalls, network address
translation and so on are transparent to p0f-alike software, so you're able
@@ -62,7 +63,7 @@
Limitations
Proxy firewalls and other high-level proxy devices are not transparent to
- any tcp fingerprinting software. It applies to p0f, as well.
+ any TCP fingerprinting software. It applies to p0f, as well.
In order to obtain information required for fingerprinting, you have to
receive at least one SYN packet initializing TCP connection to your
@@ -78,9 +79,9 @@
window size are constant for initial TCP/IP packet, but changing rapidly
later).
-Why our bubble gum is better?
+Why is our bubble gum better?
- There is another passive OS detection utility, called 'siphon'. It's
+ There is another passive OS detection utility, called 'siphon'. It's a
pretty good piece of proof-of-concept software, but it isn't perfect. Well,
p0f isn't perfect for sure, but has several improvements:
@@ -128,8 +129,8 @@
Files:
- /etc/p0f.fp or ./p0f.fp - OS fingerprints database. Format is described
- inside:
+ /etc/p0f.fp or ./p0f.fp - OS fingerprints database.
+ The format is described inside:
# Valid entry describes the way server starts TCP handshake (first SYN).
# Important options are: window size (wss), maximum segment size (mss),
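
Review bot: every change in this patch, down to the re-wrap of the "OS fingerprints database" line in this last hunk, is a wording correction to upstream's README, and none of it affects the build. Carrying 78 lines of patch for that means regenerating it whenever upstream edits the README; send the corrections upstream and drop the patch from the port.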

net/p0f/pkg-comment (new file, 1 line)

@ -0,0 +1 @@
Passive OS fingerprinting tool

net/p0f/pkg-descr (new file, 24 lines)

@ -0,0 +1,24 @@
from the README:
Passive OS fingerprinting is based on information coming from a remote host
when it establishes a connection to our system. Captured packets contain
enough information to identify the operating system. In contrast to active
scanners such as nmap and QueSO, p0f does not send anything to the host being
identified.
For more information, read Spitzner's text at:
http://www.enteract.com/~lspitz/finger.html .
from the maintainer:
Use of this program requires read access to the packet filtering
device, typically /dev/bpf0. Granting such access allows the users
who have it to put your Ethernet device into promiscuous mode and
sniff your network. See
http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.xml
if you do not understand how this can be harmful. Running p0f with
no options will cause it to analyse packets intended for other
hosts.
Trevor Johnson
trevor@jpj.net
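
Review bot: the closing "Trevor Johnson" and "trevor@jpj.net" lines repeat what `MAINTAINER=` in the Makefile already records and will go stale if the port changes hands. Drop the signature, and remove the stray space before the full stop after the finger.html URL so the link can be copied as written.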

net/p0f/pkg-plist (new file, 4 lines)

@ -0,0 +1,4 @@
bin/p0f
etc/p0f.fp
share/doc/p0f/README
@dirrm share/doc/p0f