The Design and Implementation of laffer1

p0f is a program that analyzes incoming ip traffic and tells you important information about the request including an OS fingerprint.

Its quite neat. I have it installed on the freebsd server and my windows xp box here. It uses the bpf in freebsd to read the inbound traffic. It does not make a connection to the host, but rather uses the information available from the packets the host sends.

Basically its like running nmap -sS -O on a host except you don't know the ports they have open.

I don't think i will leave p0f up all the time, but it might be nice to have if i think i'm under attack.

For example, here is the output from some guy infected with one of those worms:

216.94.201.209:2686 - Windows 2000 SP4, XP SP1 (2)
-> 216.93.162.119:135 (distance 9, link: ethernet/modem)
216.94.201.209:2688 - Windows 2000 SP4, XP SP1 (2)
-> 216.93.162.120:135 (distance 10, link: ethernet/modem)
216.94.201.209:2686 - Windows 2000 SP4, XP SP1 (2)
-> 216.93.162.119:135 (distance 9, link: ethernet/modem)

Here is an example of output from my macintosh:

64.109.110.62:49500 - FreeBSD 4.8-5.1 (or MacOS X 10.2-10.3) (up: 5375 hrs)
-> 216.93.162.119:80 (distance 16, link: sometimes DSL (4))


Of course its wrong on the uptime.. i booted the mac up 4 hours ago.

I upgraded the server today to 4.9 pr1. So far, so good. The kernel is larger but its very peppy. SSH is much more responsive, and compiling seems quick too.

I have the firewall up, but the config got screwed up. Its only blocking limited traffic right now. I want to setup a script to restore my settings if this happens again. I want the firewall just as an extra precautionary measure. I feel the services offered are up to date other than tomcat. There aren't any big security issues with my tomcat install that i'm aware of.. so that means we are good to go. I will upgrade tomcat to release 4.1.27 plus patch today if i get time. 5.x is still to new..

Caryn is waiting on her new ipod. Her mom ordered an ipod for her birthday..

I got her the fm transmitter for her car. I tested it out with my cd player the other day. Its very kewl. It must be right next to the antenna though.. i also had to turn up the volume more than it suggested.

The ipod is coming next week i think. Its customized. I think its the 30 gig model too!

I've been looking at handheld devices. I want to get something i can surf with on the campus 802.11b network. Since i can't get a laptop, i was looking at pocketpc's. The palm units are missing several features i want even though they're mac compatible. Plus caryn's handspring doesn't even work in OSX. With 10.3 coming out, i'm not counting on OS support anyway. I can get third party mac sync software if i want it.

I found a unit for 300 bucks that has integrated 802.11b support, 64mb ram, and an intel 400mhz cpu.. only problem is it has pocketpc 2002 instead of 2003. It comes with pocket everything though plus outlook 2002. i can get an ac adapter with it and plug in during class (2 classes have ports built in to the desk for each student) ac and ethernet. The rooms will be wired at the new campus for wireless in the next 3 weeks at western.

i just renewed foolishgames.com for five years as it was up at the end of the month. I'm so tired of renewing every year.. it was 66 dollars for 5 years.