[Snort-users] Snort OS Fingerprint Scan Detectino

wkitty42 at ...14940... wkitty42 at ...14940...
Fri Nov 4 12:54:27 EDT 2016

On 11/03/2016 11:06 PM, yasir al-ibrahem wrote:
> Hello,
> I'm using NMAP to detect the OS type and version of another machine that hosts
> snort.
> Snort is able to detect the ICMP tests, but that doesn't clearly indicate that
> an OS fingerprinting attack is taking place.

OS fingerprinting may not be an attack but i can see how it may be undesirable 
in certain circumstances...

> I'm wondering if snort has such a specific alert. and if there's any specific
> configuration for OS fingerprint detection.

i'm not aware of anything specific to detecting OS fingerprinting being 
performed... that doesn't mean that there isn't such, though...

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

More information about the Snort-users mailing list