Snort mailing list archives
Snort!(fp): Fingerprinting with Snort!
From: Stephen Reed <sdreed () verizon net>
Date: Thu, 24 Jun 2004 11:46:14 -0400
Snort!(fp): Real-Time Passive Network Fingerprinting with Snort!

Snort!(fp) extends the capability of the Snort! intrusion detection open-source product to include OS and network daemon fingerprinting. Thus, with a properly configured Snort! environment (including the fp extension), you would be able to determine, given an IDS alert:

(1) What operating system the (alert) source/destination system is running
(2) What network services/daemons the (alert) source/destination system is running

Snort!(fp) is based on the following tools:

IDS: Snort! (needs to be patched) (v2.1.2)
DB: MySQL (no modifications except to tables)
HTTPD: Apache (no modifications needed)
Interface: ACID (needs to be patched)
OS Fingerprinting: p0f (p2s utility converts to Snort! syntax)
Service Fingerprinting: native Snort! rules

Both Snort! and ACID have been extended to support fingerprinting functions. The ACID database schema has also been modified to support fingerprinting.

More information, downloads and documentation are available at my website: http://mysite.verizon.net/sdreed/

Enjoy!