[Snort-users] Wishful thinking - Passive Fingerprinting module

Ofir Arkin ofir at ...949...
Sat Jan 27 22:39:07 EST 2001


Bahhhh.

You can use Snort as it is now as a Passive Fingerprinting engine as well.

I will send some info to the list when I finish the work I am doing.


Ofir Arkin
ofir at ...949...
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Martin Roesch
Sent: Friday, January 26, 2001 8:22 PM
To: Guy Bruneau
Cc: Lance Spitzner; Snort-Users (E-mail)
Subject: Re: [Snort-users] Wishful thinking - Passive Fingerprinting module


It's already on the drawing board, but no code has been written yet.
You could do a passive target-based IDS if you could get this running
with enough granularity to make some fairly broad identifications of
operating systems.

    -Marty

Guy Bruneau wrote:
>
> I second Lance's idea. I think it would be quite useful as well.
>
> Guy
>
> --
> Guy Bruneau, GCIA
> Ma page est a/My page at: http://www.penguinpowered.com/~bruneau
>
> Lance Spitzner wrote:
>
> > I feel this is a great one to add to the wish list.
> >
> > A plugin that determines the operating system (and
> > potentially applications) of the remote host
> > based on the makeup of the packets the remote host
> > sends.  Not only would this be a great way to learn
> > about the bad guys, but a great way to learn about
> > and map your own network :)
> >
> > --
> > Lance Spitzner
> > http://project.honeynet.org
> >

--
Martin Roesch
roesch at ...421...
http://www.snort.org
