Snort mailing list archives
Re: How to detect OS with Snort?
From: Borja Luaces <borja.luaces () gmail com>
Date: Thu, 17 May 2012 12:54:18 +0200
Hello all, The problem is that I can NOT install anything in the snort system. I can ONLY use snort rules. I am making tests with the preproccesor http_inspect. On Thu, May 17, 2012 at 11:47 AM, Jason Haar <Jason_Haar () trimble com> wrote:
On 17/05/12 04:02, Olaf Schreck wrote:In OpenSource land, p0f is the best tool to go about detecting OSes.Or OpenBSDs pf firewall which has this functionality built in....except I wouldn't trust either to make blocking decisions. I've used p0f for years and even though it's very useful, it still gets a lot of packets wrong - eg Windows systems declared as Linux - and 3 packets later being Windows. Great metadata - but I wouldn't block/alert on it -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- Borja Luaces Altares Administrador/Analista de Sistemas (MCSE Security,C|EH & CSSA)
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Fwd: How to detect OS with Snort?, (continued)
- Re: Fwd: How to detect OS with Snort? Kevin Ross (May 09)
- Re: Fwd: How to detect OS with Snort? Borja Luaces (May 09)
- Re: Fwd: How to detect OS with Snort? Peter Bates (May 09)
- Re: Fwd: How to detect OS with Snort? Paul Schmehl (May 09)
- Re: Fwd: How to detect OS with Snort? Borja Luaces (May 09)
- Re: Fwd: How to detect OS with Snort? Kevin Ross (May 09)
- Re: How to detect OS with Snort? Joel Esler (May 16)
- Re: How to detect OS with Snort? Olaf Schreck (May 16)
- Re: How to detect OS with Snort? Jason Haar (May 17)
- Re: How to detect OS with Snort? Borja Luaces (May 17)