[Snort-users] What machine is that... Anyway?

Fyodor fygrave at ...121...
Mon Sep 3 02:21:02 EDT 2001


On Mon, Sep 03, 2001 at 01:22:50AM -0700, Chris Adams wrote:
> 
> On Monday, September 3, 2001, at 12:33 AM, Niek Jongerius wrote:
> 
> >> Well, it would seem to me that if it has an unknown address on your
> >> network, you've already spotted it.  You would really need something
> >> like nmap to make a stab at what type of OS is running on it.
> >
> > There is another tool for fingerprinting, that often does a better job
> > than nmap. Check out http://www.sys-security.com/html/projects/X.html.
> > Impressive stack analysis!
> 
> xprobe has better depth than nmap on the Microsoft stacks but doesn't 
> have anything like the breadth of coverage for different operating 
> systems. It might be interesting to write a script which uses several of 
> the available tools to double-check any guesses.

Hold off your breath until the next release of xprobe. :-) Additionally
there're some people working on incorporating xprobe and nmap
fingerprinting techniques into a single tool. When it comes out, it
might be really interesting :-)

-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1



