Olaf Westrik
-
2013-07-23
- Group: Next Release (example) --> Next release
p0f ( http://lcamtuf.coredump.cx/p0f.shtml ) is a great
intelligence gathering tool about systems touching your
firewall. It passively detects the OS of the system
sending the packet. It is not perfect but it can be
a very useful source of information. It is even able to
detect proxy use. What would be really great is to tie
it into Snort so you know not only the attack but what
type of OS is creating the attack.
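
One way the correlation requested above could be done offline, as an added example that is not part of the original ticket or of either project: it joins p0f log records to Snort alert lines by source IP. The log lines are constructed, and the formats assumed are p0f v3's log-file output (`-o`) and Snort's `alert_fast` output; the function names are hypothetical.

```python
import re

# Constructed sample data (documentation IP ranges), not taken from the ticket.
P0F_LOG = """\
[2013/07/23 10:26:14] mod=syn|cli=192.0.2.10/40112|srv=198.51.100.5/80|subj=cli|os=Linux 3.x|dist=3|params=none|raw_sig=4:61+3:0:1460:mss*10,7:mss,sok,ts,nop,ws:df,id+:0
[2013/07/23 10:26:15] mod=mtu|cli=192.0.2.10/40112|srv=198.51.100.5/80|subj=cli|link=Ethernet or modem|raw_mtu=1500
[2013/07/23 10:27:02] mod=syn|cli=203.0.113.77/51500|srv=198.51.100.5/22|subj=cli|os=Windows 7 or 8|dist=9|params=none|raw_sig=4:119+9:0:1460:8192,2:mss,nop,ws,nop,nop,sok:df,id+:0
"""
SNORT_ALERTS = """\
07/23-10:26:20.104512  [**] [1:1000001:1] Constructed test rule A [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
07/23-10:27:05.220001  [**] [1:1000002:1] Constructed test rule B [**] [Priority: 2] {TCP} 203.0.113.77:51500 -> 198.51.100.5:22
07/23-10:30:00.000001  [**] [1:1000003:1] Constructed test rule C [**] [Priority: 3] {ICMP} 192.0.2.99 -> 198.51.100.5
"""

# alert_fast line: "[**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]"
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\].*"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)"
)

def parse_p0f(text):
    """Return {client_ip: os_guess} from p0f records that describe the client."""
    os_by_ip = {}
    for line in text.splitlines():
        _, _, body = line.partition("] ")            # drop the "[timestamp] " prefix
        fields = dict(kv.split("=", 1) for kv in body.split("|") if "=" in kv)
        # Only records about the client (subj=cli) that carry an os= field matter;
        # mtu/uptime records for the same flow are skipped.
        if fields.get("subj") == "cli" and "os" in fields:
            ip = fields["cli"].rsplit("/", 1)[0]     # "ip/port" -> "ip"
            os_by_ip[ip] = fields["os"]              # assumption: latest guess wins
    return os_by_ip

def enrich(alerts, os_by_ip):
    """Attach the p0f OS guess for the alert's source IP, or 'unknown'."""
    out = []
    for line in alerts.splitlines():
        m = ALERT_RE.search(line)
        if m:
            # Join is by source IP only: hosts behind one NAT address share a guess.
            out.append({**m.groupdict(), "src_os": os_by_ip.get(m["src"], "unknown")})
    return out

if __name__ == "__main__":
    for a in enrich(SNORT_ALERTS, parse_p0f(P0F_LOG)):
        print(f'{a["sid"]} {a["msg"]}: {a["src"]} ({a["src_os"]}) -> {a["dst"]}')
```

p0f fingerprints TCP handshakes, so alerts on non-TCP traffic from a host it has not otherwise seen come back as `unknown`.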