Snort mailing list archives
Re: snort rules with OS info?
From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 13 Feb 2004 20:57:58 -0500
Hi Susan,

That info doesn't exist at this time, we'll be interested to watch your progress!

-Marty

On Feb 13, 2004, at 4:47 PM, Susan Coulter wrote:
We're planning on merging our ip-OS information database with our snort infrastructure in order to remove false positives related to OS differences. (i.e. alerts that trigger on rules that are Windows specific, when that particular ip runs Linux, etc.)

Has anyone else gone thru the snort ruleset and identified (if possible) the Operating System the rules apply to? If so, is that information available for others?

If I cannot find an existing ruleset that contains OS - we'll go thru the tedious task of doing that, at which point we'll post the info for others.

--
====================================
Susan Coulter
Network Security Team
CCN-5 Network Engineering
Los Alamos National Laboratory
505-667-8425 phone
505-665-7793 fax
====================================
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users