[Snort-users] Snort!(fp): Fingerprinting with Snort!
sdreed at ...3147...
Wed Jul 14 12:08:10 EDT 2004
Snort!(fp): Real-Time Passive Network Fingerprinting with Snort!
Snort!(fp) extends the capability of the Snort! intrusion detection
open-source product to include OS and network daemon fingerprinting.
Thus, with a properly configured Snort! environment (including the fp
extension), you would be able to determine, given an IDS alert:
(1) What operating system the (alert) source/destination system is running
(2) What network services/daemons the (alert) source/destination
system is running
Snort!(fp) is based on the following tools:
IDS: Snort! (needs to be patched) (v2.1.2)
DB: MySQL (no modifications except to tables)
HTTPD: Apache (no modifications needed)
Interface: ACID (needs to be patched)
OS Fingerprinting: p0f (p2s utility converts to Snort!syntax)
Service Fingerprinting: native Snort! rules
Both Snort! and ACID have been extended to support fingerprinting functions. The ACID database schema has also been modified to support fingerprinting.
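As an added illustration of the p0f-to-Snort conversion step mentioned above (this is not the p2s utility or any code from the Snort!(fp) project), the script below parses p0f v2 signature lines and renders the fields that stock Snort 2.x rule options can express (window, ttl, fragbits, flags). The sample signatures are constructed, and the 40-hop TTL tolerance and the ttl range syntax are assumptions stated in the comments.

```python
"""Convert p0f v2 SYN fingerprint lines into Snort 2.x rules.

Added example, not the p2s utility from the post. It assumes the p0f v2
p0f.fp layout  window:ttl:df:synsize:options:quirks:genre:details  and the
Snort 2.x rule options  window, ttl, fragbits and flags.
"""

# Constructed sample lines in p0f v2 layout (not copied from any p0f release).
SAMPLE_SIGS = [
    "65535:128:1:48:M*,N,N,S:.:Windows:XP SP1+",
    "5840:64:1:60:M*,S,T,N,W0:.:Linux:2.4-2.6",
]

FIELDS = ("window", "ttl", "df", "synsize", "options", "quirks", "genre", "details")


def parse_p0f(line):
    """Split one p0f v2 signature into a dict; details may itself contain ':'."""
    parts = line.strip().split(":", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError(f"not a p0f v2 signature: {line!r}")
    return dict(zip(FIELDS, parts))


def to_snort_rule(sig, sid):
    """Render the parts of a p0f signature that Snort 2.x rule options can express.

    The TCP option layout and quirks have no stock rule keyword, so this rule is a
    coarser match than p0f itself; a fingerprinting build of Snort (as in the post)
    needs patched matching to recover that precision.
    """
    opts = ["flags:S,12"]          # SYN only; ignore the two reserved bits
    if sig["window"].isdigit():    # p0f allows '*' and 'S4'-style wildcards
        opts.append(f"window:{sig['window']}")
    ttl = int(sig["ttl"])
    # p0f stores the initial TTL; the wire value is lower by the hop count.
    # Assumed: a 40-hop tolerance, written with Snort's ttl:low-high syntax.
    opts.append(f"ttl:{max(ttl - 40, 1)}-{ttl}")
    if sig["df"] == "1":
        opts.append("fragbits:D")
    msg = f"FP OS {sig['genre']} {sig['details']}".replace('"', "'")
    body = "; ".join([f'msg:"{msg}"'] + opts + [f"sid:{sid}", "rev:1"])
    return f"alert tcp any any -> any any ({body};)"


def convert_all(lines, first_sid=1000001):
    """Convert a list of p0f lines, numbering the rules upward from first_sid."""
    return [to_snort_rule(parse_p0f(l), first_sid + i) for i, l in enumerate(lines)]


if __name__ == "__main__":
    for rule in convert_all(SAMPLE_SIGS):
        print(rule)
```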
More information, downloads and documentation are available at my website: