[Snort-users] How to detect OS with Snort?

Nick Moore nmoore at ...1935...
Tue May 8 10:13:11 EDT 2012


Borja,

In truth, a better tool for detecting operating systems is NMAP (
http://nmap.org/download.html). Snort is more for intrusion detection and
network sniffing.

Nick

On Tue, May 8, 2012 at 8:26 AM, Borja Luaces <borja.luaces at ...11827...> wrote:

> Good afternoon,
>
> First of all I have to say that I am new to Snort.
>
> I am trying to create an alert rule to detect the OS but everytime I try
> it it seems not to work.
>
> The rule looks like the following one:
>
> alert tcp any any -> any any (content:"Windows NT";msg:"Microsoft OS
> detected";)
>
> Any help?
>
> Thanks for your time
>
> --
> Borja Luaces Altares
> Administrador/Analista de Sistemas (MCSE Security,C|EH & CSSA)
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>



-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org     www.immunet.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120508/f6f67e0a/attachment.html>


More information about the Snort-users mailing list