suggestion

[John Hally <JHally () epnet com>]

Hello All,

 

What about doing something similar to p0f?  I'm thinking of a daemon option
that watches a span port and dumps out the info to text/sql/whatever.  The
idea I'm thinking of is tying this into ids (snort) alerts to help cut down
on time. (ie, a windows attack to a linux box is obviously low priority)
Possibly down the road becoming a passive vulnerability 'scanner'.  Just a
thought..

 

Thanks!



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev