Re: OpenSource Alternative to SourceFire's RNA

["Andy Cuff" <talisker () securitywizardry com>]

Hi,
Please excuse me if I've grasped the wrong end of the stick, but RNA is a
passive OS fingerprinting tool which feeds into Lightning Console now called
Management Console.

Whilst ossim and threatman appear to be highly valuable tools, to my
knowledge they do not perform Passive OS Fingerprinting as required in the
original post.  I tried to identify every known tool that performed passive
OS fingerprinting last year, the results are here
http://www.securitywizardry.com/osfp.htm if I'm missing any please please
let me know so that I can update the page

take care
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message ----- 
From: "AJ Butcher, Information Systems and Computing"
<Alex.Butcher () bristol ac uk>
To: "Josh Berry" <josh.berry () netschematics com>;
<snort-users () lists sourceforge net>
Sent: Wednesday, March 31, 2004 9:14 AM
Subject: Re: [Snort-users] OpenSource Alternative to SourceFire's RNA


> --On 30 March 2004 09:25 -0600 Josh Berry <josh.berry () netschematics com>
> wrote:
>
> > Is anyone working on OpenSource Alternatives to SourceFire's RNA
product?
> > I was thinking about using p0f to dump OS information into a file and
then
> > export it to a database but I really would like to gather service level
> > information and eventually passively identify vulnerabilities.  The only
> > ways that I can think of getting any of this kind of information
passively
> > is with NTOP or developing signatures for Snort alerting on specific
> > services (Seeing Apache 1.3.29 in an HTTP string), sending that data to
a
> > file and then exporting it with another program only updating new
entries.
> > At any level it would be a massive undertaking, anyone interested?
>
> OS-Sim <http://www.ossim.net> looks like the way to go; it correlates the
> results of previous Nessus scans with Snort alerts, and bumps the priority
> of alerts appropriately.
>
> Best Regards,
> Alex.
> -- 
> Alex Butcher: Security & Integrity, Personal Computer Systems Group
> Information Systems and Computing             GPG Key ID: F9B27DC9
> GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users