Snort mailing list archives
Re: What machine is that... Anyway?
From: Fyodor <fygrave () tigerteam net>
Date: Mon, 3 Sep 2001 16:24:52 +0700
On Mon, Sep 03, 2001 at 01:22:50AM -0700, Chris Adams wrote:
> On Monday, September 3, 2001, at 12:33 AM, Niek Jongerius wrote:
>
> Well, it would seem to me that if it has an unknown address on your network, you've already spotted it. You would really need something like nmap to make a stab at what type of OS is running on it.
>
> There is another tool for fingerprinting, that often does a better job than nmap. Check out http://www.sys-security.com/html/projects/X.html. Impressive stack analysis!
>
> xprobe has better depth than nmap on the Microsoft stacks but doesn't have anything like the breadth of coverage for different operating systems. It might be interesting to write a script which uses several of the available tools to double-check any guesses.

Hold off your breath until the next release of xprobe. :-) Additionally there're some people working on incorporating xprobe and nmap fingerprinting techniques into a single tool. When it comes out, it might be really interesting :-)

--
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1