Umer, Running p0f does not necessarily offer a stimulus/response test.
Regarding detecting a machine with p0f installed/running, you may have better success simply trying to detect for any network adapter in promiscuous mode. And there's tons of info available on that... HTH, -jeff parker -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of thetic Sent: Thursday, September 04, 2003 2:20 PM To: Michal Zalewski; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Full-Disclosure] Re: [tool] the new p0f 2.0.1 is now out Question concerning the the POF, how can we setup a IDS to detect a POF scan. umer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
