Re: n0t

[Michal Zalewski <lcamtuf () coredump cx>]

On Sat, 5 Jun 2004, Marcin Ulikowski wrote:

> I'd like to announce version 1.86 of n0t - network 0S tracer

Which, by the way, is mostly a line-by-line copy of p0f (including
software requirements in the documentation, manpages, my obscure set of
typedefs, variable names, configuration parameters, fingerprint checking
code and so forth), except that it offers fewer features and considerably
less accuracy than the most recent version of my utility
[http://lcamtuf.coredump.cx/p0f.shtml], as the fingerprinting code is
mostly based on a very old version of the program.

Naturally, p0f is open source, and hence can be copied and reused any way
you wish, except that it appears to be a good idea to credit the author if
you establish a work that is merely a dumbed down version of the code,
reuses some fairly novel ideas, and is not really offering any noteworthy
improvements over the original, particularly if you then announce it
publicly.

Heck, even the name appears to be quite similar.

As such, although I am not opposed to attempts to further advance the
field of passive fingerprinting, in this particular I would advise BUGTRAQ
readers to stick to p0f for now, which is again available at
http://lcamtuf.coredump.cx/p0f.shtml. P0f is a small, robust and
functional passive OS fingerprinting and NAT detection / network probing
tool.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-06-09 12:45 --

   http://lcamtuf.coredump.cx/photo/current/