Snort mailing list archives

Re: snort rules with OS info?


From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 13 Feb 2004 20:57:58 -0500

Hi Susan,

That info doesn't exist at this time; we'll be interested to watch your progress!

     -Marty


On Feb 13, 2004, at 4:47 PM, Susan Coulter wrote:


We're planning on merging our ip-OS information database with our snort infrastructure in order to remove false positives related to OS differences (i.e. alerts that trigger on rules that are Windows specific, when that particular ip runs Linux, etc.). Has anyone else gone thru the snort ruleset and identified (if possible) the Operating System the rules apply to? If so, is that information available for others?

If I cannot find an existing ruleset that contains OS - we'll go thru the tedious task of doing that, at which point we'll post the info for others.


--
====================================
Susan Coulter
Network Security Team
CCN-5 Network Engineering
Los Alamos National Laboratory
505-667-8425 phone
505-665-7793 fax
====================================

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




