[Snort-users] OpenSource Alternative to SourceFire's RNA

Andy Cuff talisker at ...10050...
Mon Apr 5 06:51:14 EDT 2004


Hi,
Please excuse me if I've grasped the wrong end of the stick, but RNA is a
passive OS fingerprinting tool which feeds into Lightning Console now called
Management Console.

Whilst ossim and threatman appear to be highly valuable tools, to my
knowledge they do not perform Passive OS Fingerprinting as required in the
original post.  I tried to identify every known tool that performed passive
OS fingerprinting last year; the results are here:
http://www.securitywizardry.com/osfp.htm
If I'm missing any, please please let me know so that I can update the page.

take care
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message ----- 
From: "AJ Butcher, Information Systems and Computing"
<Alex.Butcher at ...11254...>
To: "Josh Berry" <josh.berry at ...10221...>;
<snort-users at lists.sourceforge.net>
Sent: Wednesday, March 31, 2004 9:14 AM
Subject: Re: [Snort-users] OpenSource Alternative to SourceFire's RNA


>
>
> --On 30 March 2004 09:25 -0600 Josh Berry <josh.berry at ...10221...>
> wrote:
>
> > Is anyone working on OpenSource Alternatives to SourceFire's RNA
> > product? I was thinking about using p0f to dump OS information into a
> > file and then export it to a database but I really would like to gather
> > service level information and eventually passively identify
> > vulnerabilities.  The only ways that I can think of getting any of this
> > kind of information passively is with NTOP or developing signatures for
> > Snort alerting on specific services (Seeing Apache 1.3.29 in an HTTP
> > string), sending that data to a file and then exporting it with another
> > program only updating new entries.
> >
> > At any level it would be a massive undertaking, anyone interested?
>
> OS-Sim <http://www.ossim.net> looks like the way to go; it correlates the
> results of previous Nessus scans with Snort alerts, and bumps the priority
> of alerts appropriately.
>
> Best Regards,
> Alex.
> -- 
> Alex Butcher: Security & Integrity, Personal Computer Systems Group
> Information Systems and Computing             GPG Key ID: F9B27DC9
> GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
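The workflow Josh describes in the quoted post (spot a service banner such as Apache 1.3.29 in passively observed HTTP traffic, then store it so that only new entries are added) can be sketched as follows. This is an added example, not code from anyone in the thread; the function names, the table layout and the sample observations are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample: (server IP, port, raw HTTP response headers) as a passive
# sensor on your own network might record them. Not real traffic.
SAMPLE = [
    ("192.0.2.10", 80, "HTTP/1.1 200 OK\r\nServer: Apache/1.3.29 (Unix)\r\n\r\n"),
    ("192.0.2.10", 80, "HTTP/1.1 304 Not Modified\r\nServer: Apache/1.3.29 (Unix)\r\n\r\n"),
    ("192.0.2.20", 8080, "HTTP/1.0 200 OK\r\nserver: Microsoft-IIS/5.0\r\n\r\n"),
    ("192.0.2.10", 80, "HTTP/1.1 200 OK\r\nServer: Apache/1.3.31 (Unix)\r\n\r\n"),
    ("192.0.2.30", 80, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
]

SERVER_RE = re.compile(r"^Server:[ \t]*([^\r\n]+)", re.IGNORECASE | re.MULTILINE)
PRODUCT_RE = re.compile(r"([A-Za-z][\w.-]*)(?:/([\w.]+))?")

def parse_banner(headers):
    """Return (product, version) from the Server header, or None if absent.
    Banners are self-reported and can be altered, so treat them as hints."""
    m = SERVER_RE.search(headers)
    if not m:
        return None
    p = PRODUCT_RE.match(m.group(1).strip())
    return (p.group(1), p.group(2) or "") if p else None

def open_inventory(path=":memory:"):
    """Open the inventory database; the primary key is what de-duplicates."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS service (
        ip TEXT, port INTEGER, product TEXT, version TEXT,
        PRIMARY KEY (ip, port, product, version))""")
    return db

def record(db, observations):
    """Insert only unseen (ip, port, product, version) rows; return the new ones."""
    new = []
    for ip, port, headers in observations:
        banner = parse_banner(headers)
        if banner is None:
            continue  # no Server header, nothing to inventory
        cur = db.execute("INSERT OR IGNORE INTO service VALUES (?, ?, ?, ?)",
                         (ip, port, *banner))
        if cur.rowcount == 1:  # 0 means the row already existed
            new.append((ip, port, *banner))
    db.commit()
    return new
```

A version change on a known host (1.3.29 to 1.3.31 in the sample) is reported as a new entry, which is the signal an analyst would want when matching the inventory against vulnerability data.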




