[Snort-users] How to detect OS with Snort?

Peter Bates peter.bates at ...15381...
Tue May 8 10:23:59 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 08/05/2012 14:26, Borja Luaces wrote:
> Good afternoon,
> 
> First of all I have to say that I am new to Snort.
> 
> I am trying to create an alert rule to detect the OS but everytime
> I try it it seems not to work.

Nick has mentioned nmap but depending on what you're trying to do you
might have better luck with PRADS:
http://gamelinux.github.com/prads/
... or p0f, etc.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPqSx/AAoJELhVoVpEMS6R/b4H/0/vC8YSxLB15Jtse0nWYhPo
2CAM83FaR529y9cojvVUJ1mGomsbflly2QDnPwIAu9+iTDOWw/oAD6m0U2+ev0Np
Dr7LZKrbj6HhSNribxhJV3Y6ADv0urir7dDxulIBvIkSpAVKyB6lgxcvHILzQ2Ry
UEuLLVPGjdnx6htYKVKITVXwjUtITSKsdXg+NUHGXTBHvQBddk4wmuVg50MsZ8y1
vCgY+fZkcWlkJ2MXskQRIY2YK1ng8m6xfp6U4aqez3v0bqMrOCRZUHPQCh77KH2e
ciKYy2K94vMPVH2+Kd+0tz+7cBxpeDuZ0OAHi45mAgf9cn+DMsBYHI+/1XL1fG8=
=Ddv4
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list