[Snort-devel] Re: [Snort-users] Wishful thinking - Passive Fingerprinting module

Martin Roesch roesch at ...48...
Fri Jan 26 22:49:17 EST 2001


The output format changed a bit between versions 1.6.3 and 1.7; the Perl
parsing is probably getting screwed up by it.

   -Marty

"shawn . moyer" wrote:
> 
> Craig Smith has a Perl script in the contrib directory that analyzes
> Snort logs and makes some guesses on OS's, it didn't work on my logs,
> though, possibly it needs logs in a certain format? I wonder, could
> someone incorporate this as a preprocessor? Even cooler would be if this
> used Nmap's very extensive fingerprint database.
> 
> I'd love to be able to look at my SnortSnarf page and see an "alerts by
> Operating System" page...
> 
> "Oh look! All the script kiddies have upgraded to Linux 2.4 now!" :)
> 
> 
> --shawn
> 
> Guy Bruneau wrote:
> >
> > I second Lance's idea. I think it would be quite useful as well.
> >
> > Guy
> >
> > --
> > Guy Bruneau, GCIA
> > Ma page est a/My page at: http://www.penguinpowered.com/~bruneau
> >
> > Lance Spitzner wrote:
> >
> > > I feel this is a great one to add to the wish list.
> > >
> > > A plugin that determines the operating system (and
> > > potentially applications) of the remote host
> > > based on the makeup of the packets the remote host
> > > sends.  Not only would this be a great way to learn
> > > about the bad guys, but a great way to learn about
> > > and map your own network :)
> > >
> > > --
> > > Lance Spitzner
> > > http://project.honeynet.org
> > >
> 
> --
> s h a w n   m o y e r
> shawn at ...232...
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel

--
Martin Roesch
roesch at ...48...
http://www.snort.org



