[Snort-users] Virtual Machines and Hypervisors

Jefferson, Shawn Shawn.Jefferson at ...14448...
Tue Jan 29 12:34:27 EST 2013

What you want is a Systems Management product.  Enumerate applications installed on your assets, lock them down to a standard list, and either disallow anything else, or uninstall it.  You may be able to use nmap to discover unauthorized devices, and/or vulnerability scanners to detect unauthorized operating systems/devices.

Snort definitely isn't the right tool for this.

From: Juan Camilo Valencia [mailto:juan.valencia at ...16028...]
Sent: Tuesday, January 29, 2013 4:59 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Virtual Machines and Hypervisors

Hi Guys,

I am trying to find a way to ban virtual machines and hypervisors in our network, I made a quicly research and I didn't found anything.

Can somebody tell me if exist a way or a method to detect that, one of my ideas is when the VM is configured in NAT mode detect that kind of traffic, but the problem is when the VM is configured in bridge mode.

Thanks for your advance,


Ingeniero de Operaciones
SeguraTec S.A.S
Calle 11 # 43B-50 of 307
Medelllín Colombia

"Choose a job you love, and you will never have to work a day in your life"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130129/dc5b8dca/attachment.html>

More information about the Snort-users mailing list