[Snort-users] Wishful thinking - Passive Fingerprinting module

Martin Roesch roesch at ...421...
Fri Jan 26 23:21:55 EST 2001


It's already on the drawing board, but no code has been written yet. 
You could do a passive target-based IDS if you could get this running
with enough granularity to make some fairly broad identifications of
operating systems.

    -Marty

Guy Bruneau wrote:
> 
> I second Lance's idea. I think it would be quite usefull as well.
> 
> Guy
> 
> --
> Guy Bruneau, GCIA
> Ma page est a/My page at: http://www.penguinpowered.com/~bruneau
> 
> Lance Spitzner wrote:
> 
> > I feel this is a great one to add to the wish list.
> >
> > A plugin that determines the operating system (and
> > potentially applications) of the remote host
> > based on the makeup of the packets the remote host
> > sends.  Not only would this be a great way to learn
> > about the bad guys, but a great way to learn about
> > and map your own network :)
> >
> > --
> > Lance Spitzner
> > http://project.honeynet.org
> >
> > _

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list