Rick Macdougall wrote:
Jonas Eckerman wrote:
Mark Martinec wrote:
Indeed. Also coupling it with p0f (passive operating system
fingerprinting)
Good idea. Should have thought of that. :-)
About p0f see:
Those who like SQL might like the stuff at
<http://whatever.frukt.org/p0fstats.text.shtml> wich includes my
SpamAssassin plugin. :-)
If I'm reading the docs correctly, it would not be of any use to me
since spamd runs on its on separate server and p0f only supports local
sockets. Correct or is there a way I could use it ?
You could trivially modify the p0f wrapper, and the plugin, that they're
using to listen for tcp connections.
BTW... has anyone ever got the -Q option to have p0f itself listen on a
socket to work, instead of using their own wrapper?
Daryl
