From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Vincent > > On Fri, 26 Jan 2007, Giampaolo Tomassoni wrote: > > > Why does the p0f-analyzer.pl script exists? > > > > I see that the p0f tool is capable of caching a specified > amount of request, and then reply to queries issues through a unix socket. > > > > This in native C-language, which often means reduced size and > increased performance with respect to perl's p0f-analyzer.pl. > > > > Giampaolo. > > If I understand correctly, when you are running p0f with -Q (unix socket) > option, there is no easy way to get the tcp source port and put it in > the query packets to get the correct cached result. I don't know if there > is MTA or smtp implementation to cache smtp client tcp source port.
There is something new in p0f-2.0.8: the source port can be "wildcarded" using the value 0. p0f has to be run with the '-0' flag to enable this mode. A new SA p0f plugin "personality" could be worked out in order to by-pass p0f-analyzer.pl. Is anybody working on this? Cheers, Giampaolo > > Vincent > http://bl0g.blogdns.com > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
