[Snort-devel] Re: [Snort-users] Wishful thinking - Passive Fingerprinting module

shawn . moyer shawn at ...232...
Fri Jan 26 19:45:15 EST 2001


Craig Smith has a Perl script in the contrib directory that analyzes
Snort logs and makes some guesses on OSes. It didn't work on my logs,
though; possibly it needs logs in a certain format? I wonder, could
someone incorporate this as a preprocessor? Even cooler would be if this
used Nmap's very extensive fingerprint database.

I'd love to be able to look at my SnortSnarf page and see an "alerts by
Operating System" page... 

"Oh look! All the script kiddies have upgraded to Linux 2.4 now!" :)
 



--shawn


Guy Bruneau wrote:
> 
> I second Lance's idea. I think it would be quite useful as well.
> 
> Guy
> 
> --
> Guy Bruneau, GCIA
> Ma page est a/My page at: http://www.penguinpowered.com/~bruneau
> 
> Lance Spitzner wrote:
> 
> > I feel this is a great one to add to the wish list.
> >
> > A plugin that determines the operating system (and
> > potentially applications) of the remote host
> > based on the makeup of the packets the remote host
> > sends.  Not only would this be a great way to learn
> > about the bad guys, but a great way to learn about
> > and map your own network :)
> >
> > --
> > Lance Spitzner
> > http://project.honeynet.org
> >

-- 
s h a w n   m o y e r
shawn at ...232...



