[Snort-users] Fwd: How to detect OS with Snort?

Borja Luaces borja.luaces at ...11827...
Tue May 8 15:25:26 EDT 2012


Firstly, thanks.

i know that Nmap is a better tool but the fact is that the rule is to
detect specific attacks from windows OS. The company I work for does not
allow me to install anything else. I have to do it with snort this is why I
am trying that rule but it seems not to work.

Another fact is that I can not access snort logs to try to know why the
rule is not working.

I have just implemented a VM with snort to try the rules before  launching
them into the main IDS.

-- 
Borja Luaces Altares
Administrador/Analista de Sistemas (MCSE Security,C|EH & CSSA)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120508/db090134/attachment.html>


More information about the Snort-users mailing list