> So, two questions: first, is there a version of p0f that runs under Windows? > I found the Unix version and I found a Windows-port version that is not > compiled (and I haven't used a real compiler in at least ten years).
http://packetstormsecurity.org/files/download/109101/p0f-3.03b-win.zip > Second question: what's the popular recommendation for DNS TTL nowadays? I > think I reset mine many years ago after a discussion here among some other > people. "Universal" default TTL? You could say 4 hours. But it depends on the application, the stage you're at with setting up a new host (testing vs. long-term stable), the need for dynamic changes, all, of course, balanced against much load you want/need to shed. I test using 5m TTLs, but also keep 5- and 10-minute TTLs permanently where we have geographic clusters because that's the only way they work. In other cases, I try for one day. Rarely do I use more than a day even when a host has been stable for a long period, even if I could; with our traffic, I don't mind one DNS request per day for each session. For reference, you can look around at high-traffic sites like web analytics. My two analytics packages use 60s and 5m. I think the first one was at my behest because one of their servers kept going down and needing to be null-routed a couple of years ago! -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.