[Snort-users] Fwd: How to detect OS with Snort?

Peter Bates peter.bates at ...15381...
Wed May 9 07:19:14 EDT 2012



Hello all

On 09/05/2012 11:51, Borja Luaces wrote:
> origen=enob&eai_tipoCP=up&eai_URLDestino=&idioma=CAS&iconizable=N&eai_user=test_user&eai_password=test_p&selProductos=posicionGlobal
>
> The idea is to launch an alert using that parameter.
> 
> This is why I tried the rule:
> 
> alert tcp any any -> any any (msg:""; content:"Windows NT"; ...)
> 
> but it seems not to work.

Just to clarify, you're posting authentication details in the clear, here?

Is the Snort sensor actually running on the website that you are
monitoring?

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT




