Michael,

> Sounds interesting, any idea what kind of a load it puts on
> system/network to do the os fingerprinting?

The p0f itself imposes about as much load as tcpdump.
You can easily see how much time it consumed by
observing output from 'ps' or 'top'.
An hour CPU in a month maybe?
It helps to let p0f only see the incoming mail traffic,
especially if there are other traffic-generating services
running on the same host.

The rest is negligible: the p0f-analyzer.pl and amavisd client code
is very lightweight and presents neither CPU load nor
additional latency.

> I suppose one would NEVER want an email directly from a windows
> workstation (or an Amiga).
> This would be good to fight against all those zombies.

That's the idea.

> I assume a xp firewall isn't an issue, since if they were behind a
> firewall, chances are they wouldn't have been hacked.

p0f can see through some types of firewall.
It reports UNKNOWN if the signature is too unusual.

  Mark


_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
