[Snort-users] Fwd: How to detect OS with Snort?

Joel Esler jesler at ...1935...
Tue May 8 16:39:19 EDT 2012


At Sourcefire we have another piece of software that does this and feeds the information to Snort.  But that's a commercial (non-open source) product.

J

On May 8, 2012, at 3:25 PM, Borja Luaces <borja.luaces at ...11827...> wrote:

> 
> Firstly, thanks.
> 
> I know that Nmap is a better tool, but the fact is that the rule is to detect specific attacks from Windows OS. The company I work for does not allow me to install anything else. I have to do it with Snort; this is why I am trying that rule, but it seems not to work.
> 
> Another fact is that I cannot access Snort logs to try to know why the rule is not working.
> 
> I have just implemented a VM with Snort to try the rules before launching them into the main IDS.
> 
> -- 
> Borja Luaces Altares
> Systems Administrator/Analyst (MCSE Security, C|EH & CSSA)