k-p0f: A high-throughput kernel passive OS fingerprinter

Barnes, Justin M.; Crowley, Patrick

doi:10.1109/ancs.2013.6665187

Cited by 8 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The signature string format is designed to describe various features from multiple protocols and was later adopted by other tools. In 2013, a real-time version of p0f called k-p0f [30] was implemented in the PNA (Passive Network Appliance) kernel module to increase throughput as the k-p0f intercepts packets directly from the network stack. Even though p0f tool was popular, it required manual maintenance of the fingerprint database, and the last version of p0f v3 was released in 2012 with the last meaningful update of the database on May 21, 2014.…”

Section: Overview Of Toolsmentioning

confidence: 99%

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

et al. 2022

View full text Add to dashboard Cite

Section: Overview Of Toolsmentioning

confidence: 99%

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

et al. 2022

View full text Add to dashboard Cite

“…Software-based passive fingerprinting tools cannot keep up with the high load (gigabits/s links). The literature has shown that said tools lead to 38% degradation in throughput [320]. Additionally, such tools are out-of-band, meaning that it is not possible to apply policies on traffic (e.g., after fingerprinting an OS).…”

Section: ) Comparison Between Switch-based and Server-based Access Controlmentioning

confidence: 99%

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

2021

View full text Add to dashboard Cite

Traditionally, the data plane has been designed with fixed functions to forward packets using a small set of protocols. This closed-design paradigm has limited the capability of the switches to proprietary implementations which are hard-coded by vendors, inducing a lengthy, costly, and inflexible process. Recently, data plane programmability has attracted significant attention from both the research community and the industry, permitting operators and programmers in general to run customized packet processing functions. This open-design paradigm is paving the way for an unprecedented wave of innovation and experimentation by reducing the time of designing, testing, and adopting new protocols; enabling a customized, top-down approach to develop network applications; providing granular visibility of packet events defined by the programmer; reducing complexity and enhancing resource utilization of the programmable switches; and drastically improving the performance of applications that are offloaded to the data plane. Despite the impressive advantages of programmable data plane switches and their importance in modern networks, the literature has been missing a comprehensive survey. To this end, this paper provides a background encompassing an overview of the evolution of networks from legacy to programmable, describing the essentials of programmable switches, and summarizing their advantages over Softwaredefined Networking (SDN) and legacy devices. The paper then presents a unique, comprehensive taxonomy of applications developed with P4 language; surveying, classifying, and analyzing more than 200 articles; discussing challenges and considerations; and presenting future perspectives and open research issues.

show abstract

“…The categories of information the p0f recognizes are poor. In order to cope with the surge of network traffic caused by the growth of network scale, Barnes et al [23] proposed to deploy p0f in the Linux kernel space, which greatly speeds up analysis of network traffic. PRADS [21] passively listens to network traffic and gathers information on hosts and services.…”

Section: Network Asset Detectionmentioning

confidence: 99%

Assessing the Security of Campus Networks: The Case of Seven Universities

Zheng

Wang

et al. 2021

Sensors

View full text Add to dashboard Cite

The network security situation of campus networks on CERNET (China Education and Research Network) has received great concern. However, most network managers have no complete picture of the network security because of its special management and the rapid growth of network assets. In this investigation, the security of campus networks belonging to seven universities in Wuhan was investigated. A tool called “WebHunt” was designed for campus networks, and with its help, the network security risks were found. Differently from existing tools for network probing, WebHunt can adopt the network scale and special rules of the campus network. According to the characteristics of campus websites, a series of functions were integrated into WebHunt, including reverse resolution of domain names, active network detection and fingerprint identification for software assets. Besides, WebHunt builds its vulnerability intelligence database with a knowledge graph structure and locates the vulnerabilities through matching knowledge graph information. Security assessments of seven universities presents WebHunt’s applicability for campus networks. Besides, it also shows that many security risks are concealed in campus networks, such as non-compliance IP addresses and domain names, system vulnerabilities and so on. The security reports containing risks have been sent to the relevant universities, and positive feedback was received.

show abstract

k-p0f: A high-throughput kernel passive OS fingerprinter

Cited by 8 publications

References 3 publications

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

Assessing the Security of Campus Networks: The Case of Seven Universities

Contact Info

Product

Resources

About