Snort mailing list archives

Re: What machine is that... Anyway?

From: Chris Adams <chris () improbable org>
Date: Mon, 3 Sep 2001 01:22:50 -0700


On Monday, September 3, 2001, at 12:33 AM, Niek Jongerius wrote:

Well, it would seem to me that if it has an unknown address on your
network, you've already spotted it.  You would really need something
like nmap to make a stab at what type of OS is running on it.


There is another tool for fingerprinting, that often does a better job
than nmap. Check out http://www.sys-security.com/html/projects/X.html.
Impressive stack analysis!

xprobe has better depth than nmap on the Microsoft stacks but doesn'thave anything like the breadth of coverage for different operatingsystems. It might be interesting to write a script which uses several ofthe available tools to double-check any guesses.


Chris

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Promiscuouls Mode Question, (continued)
- - - Re: Promiscuouls Mode Question Jim Kipp (Sep 02)
    - Alert_unixsock Anupam Bansal (Sep 02)
    - Re: Alert_unixsock Fyodor (Sep 03)
    - Message not available
    - Re: Alert_unixsock Fyodor (Sep 04)
    - Re: Alert_unixsock Fyodor (Sep 04)
    - Data structures in rules.h Anupam Bansal (Sep 25)
    - -A alert option Anupam Bansal (Sep 02)
    - Re: Promiscuouls Mode Question Fyodor (Sep 03)
    - Re: Promiscuouls Mode Question Jim Kipp (Sep 03)
  - Re: What machine is that... Anyway? Niek Jongerius (Sep 03)
    - Re: What machine is that... Anyway? Chris Adams (Sep 03)
    - Re: What machine is that... Anyway? Fyodor (Sep 03)
- RE: What machine is that... Anyway? Chris Eidem (Sep 04)