[Snort-users] snort rules with OS info?

Martin Roesch roesch at ...1935...
Fri Feb 13 18:01:01 EST 2004


Hi Susan,

That info doesn't exist at this time; we'll be interested to watch your 
progress!

      -Marty


On Feb 13, 2004, at 4:47 PM, Susan Coulter wrote:

>
>  We're planning on merging our ip-OS information database with our 
> snort infrastructure in order to remove false positives related to OS 
> differences (i.e. alerts that trigger on rules that are Windows 
> specific, when that particular ip runs Linux, etc.).
>  Has anyone else gone through the snort ruleset and identified (if 
> possible) the Operating System the rules apply to?  If so, is that 
> information available for others?
>
>  If I cannot find an existing ruleset that contains OS - we'll go through 
> the tedious task of doing that, at which point we'll post the info for 
> others.
>
>
> -- 
> ====================================
> Susan Coulter
> Network Security Team
> CCN-5 Network Engineering
> Los Alamos National Laboratory
> 505-667-8425 phone
> 505-665-7793 fax
> ====================================
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
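
The OS-aware filtering described in the quoted question, as an added example that is not part of the original thread or of Snort itself. The (gid, sid)-to-OS map, the host inventory and the alert lines are all constructed, and the code assumes Snort's "fast" alert line format with the destination address as the host the rule protects.

```python
import re

# Constructed (gid, sid) -> OS tags. Hypothetical: per the thread, no published
# mapping existed. Rules missing from this map are treated as OS-agnostic.
RULE_OS = {(1, 1000001): {"windows"}, (1, 1000002): {"linux", "solaris"}}

# Constructed ip -> OS inventory standing in for the ip-OS database.
HOST_OS = {"192.168.1.10": "linux", "192.168.1.20": "windows"}

# Snort "fast" alert line: [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\]"
    r".*?\{\w+\}\s+[\d.]+(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample alerts (local-range sids, RFC 1918 addresses).
SAMPLE_ALERTS = [
    "02/13-16:47:01.000001 [**] [1:1000001:1] CONSTRUCTED windows-only rule [**] "
    "[Priority: 2] {TCP} 10.0.0.5:1052 -> 192.168.1.10:80",
    "02/13-16:47:02.000001 [**] [1:1000001:1] CONSTRUCTED windows-only rule [**] "
    "[Priority: 2] {TCP} 10.0.0.5:1053 -> 192.168.1.20:80",
    "02/13-16:47:03.000001 [**] [1:1000001:1] CONSTRUCTED windows-only rule [**] "
    "[Priority: 2] {TCP} 10.0.0.5:1054 -> 192.168.1.99:80",
    "02/13-16:47:04.000001 [**] [1:1000003:1] CONSTRUCTED untagged rule [**] "
    "[Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10",
]

def classify(line, rule_os=RULE_OS, host_os=HOST_OS):
    """Return (verdict, reason). Only a positive OS mismatch is suppressed;
    missing data always keeps the alert, so inventory gaps never hide one.
    Assumes the destination address is the host the rule protects."""
    m = ALERT_RE.search(line)
    if m is None:
        return ("keep", "unparsed line")
    targets = rule_os.get((int(m["gid"]), int(m["sid"])))
    if targets is None:
        return ("keep", "rule has no OS tag")
    os_name = host_os.get(m["dst"])
    if os_name is None:
        return ("keep", "destination OS unknown")
    if os_name in targets:
        return ("keep", "OS matches rule")
    return ("suppress", f"rule targets {sorted(targets)}, host runs {os_name}")

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(classify(alert), alert.split("[**]")[1].strip())
```

Logging suppressed alerts with their reason, rather than dropping them, keeps a stale inventory entry from silently masking a real hit.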




