Passive OS Fingerprinting (WHM 11.50)

WebEndev

Member
Hello,

One of the servers I work with just updated to WHM 11.50.0 (build 10). I noticed that there is an option for Passive OS Fingerprinting.

What is the KnownHost opinion for enabling this? Do you recommend enabling it? Are there any significant increases in resource usage when it is enabled?

Based on the little I could find to read about it, it sounds like it would be a help in tracking intrusions.

Thanks.
 

phpAddict

Active Member
I'm interested to know more too. cPanel says it adds the information to email notifications, but I'm not sure what email notifications it is referring to. If it's for ConfigServer Firewall that's awesome, but I get the feeling they're referring to something else that I'm not using currently.

From: https://documentation.cpanel.net/display/ALD/11.50+Release+Notes#id-11.50ReleaseNotes-PassiveOSfingerprinting(p0f)
In cPanel & WHM version 11.50, we improved the GeoIP identifier and added operating system and other information to email notifications. This information helps you quickly identify visitors that trigger events that cause alerts.
The source of the project has more detailed information: http://lcamtuf.coredump.cx/p0f3/
 
Top