Snort mailing list archives

Snort!(fp): Fingerprinting with Snort!


From: Stephen Reed <sdreed () verizon net>
Date: Thu, 24 Jun 2004 11:46:14 -0400

Snort!(fp): Real-Time Passive Network Fingerprinting with Snort!

Snort!(fp) extends the capability of the Snort! intrusion detection 
open-source product to include OS and network daemon fingerprinting.

Thus, with a properly configured Snort! environment (including the fp
extension), you would be able to determine, given an IDS alert:
(1) What operating system the (alert) source/destination system is running
(2) What network services/daemons the (alert) source/destination 
system is running

Snort!(fp) is based on the following tools:

IDS:                    Snort! (needs to be patched) (v2.1.2)
DB:                     MySQL (no modifications except to tables)
HTTPD:                  Apache (no modifications needed)
Interface:              ACID (needs to be patched)
OS Fingerprinting:      p0f (p2s utility converts to Snort! syntax)
Service Fingerprinting: native Snort! rules

Both Snort! and ACID have been extended to support fingerprinting
functions. The ACID database schema has also been modified to support
fingerprinting.

More information, downloads and documentation are available at my website:
http://mysite.verizon.net/sdreed/

Enjoy!
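The post describes passive fingerprinting as a pipeline: p0f derives a signature from the TCP SYN a host sends, and p2s turns that signature into a Snort rule. The following is an added example, not part of Stephen Reed's message and not Snort!(fp), p0f or p2s code, showing the two steps on a constructed SYN: parsing the IPv4/TCP header and option list into a p0f v2-style signature (window:ttl:df:size:options), and emitting a Snort 2 rule from it. The rule is an approximation of what a converter could produce, since Snort 2 tests ttl, fragbits, window, flags and dsize natively but has no keyword for TCP option order, so the option layout is carried only in the msg text. The MSS-multiple window notation and the 32/64/128/255 initial-TTL assumption follow p0f's documented approach; the sample packets are constructed here and do not represent real operating systems.

```python
"""Passive TCP SYN fingerprinting in the p0f v2 style, plus a Snort rule
built from the result.  Added example: not Snort!(fp), p0f or p2s code."""
import struct

IP_DF = 0x4000
TCP_SYN = 0x02

# Constructed option lists (test input, not captured traffic).
LINUX_LIKE_OPTS = (b"\x02\x04\x05\xb4"              # MSS 1460
                   + b"\x04\x02"                     # SACK permitted
                   + b"\x08\x0a" + struct.pack("!II", 123456, 0)  # timestamp
                   + b"\x01"                         # NOP
                   + b"\x03\x03\x07")                # window scale 7
WINDOWS_LIKE_OPTS = b"\x02\x04\x05\xb4" + b"\x01\x01" + b"\x04\x02"


def build_syn(ttl, df, window, options, src_port=40000, dst_port=80):
    """Construct a raw IPv4 + TCP SYN carrying the given TCP option bytes."""
    opts = bytes(options)
    if len(opts) % 4:
        raise ValueError("TCP options must be padded to a 32-bit boundary")
    tcp_len = 20 + len(opts)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0x01020304, 0,
                      (tcp_len // 4) << 4, TCP_SYN, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0,
                     IP_DF if df else 0, ttl, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp


def parse_tcp_options(opts):
    """Emit p0f v2 option tokens in wire order: N=NOP, E=EOL, M<mss>,
    W<shift>, S=SACK permitted, T/T0=timestamp (T0 when TSval is zero),
    ?<n> for an unrecognised option.  Returns (tokens, mss)."""
    tokens, mss, i = [], None, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            tokens.append("E")
            break
        if kind == 1:
            tokens.append("N")
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated TCP option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad TCP option length")
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", body)[0]
            tokens.append(f"M{mss}")
        elif kind == 3 and length == 3:
            tokens.append(f"W{body[0]}")
        elif kind == 4 and length == 2:
            tokens.append("S")
        elif kind == 8 and length == 10:
            tokens.append("T0" if struct.unpack("!II", body)[0] == 0 else "T")
        else:
            tokens.append(f"?{kind}")
        i += length
    return tokens, mss


def guess_initial_ttl(ttl):
    """p0f-style assumption: the sender started at the next of 32/64/128/255
    at or above the observed TTL; the difference is the hop distance."""
    for start in (32, 64, 128, 255):
        if ttl <= start:
            return start
    raise ValueError("TTL out of range")


def fingerprint_syn(pkt):
    """Return (signature, fields) for a raw IPv4+TCP bare SYN."""
    ver_ihl, _, total_len, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4/TCP")
    tcp = pkt[(ver_ihl & 0x0F) * 4:]
    if tcp[13] & 0x3F != TCP_SYN:
        raise ValueError("not a bare SYN")
    window = struct.unpack("!H", tcp[14:16])[0]
    tokens, mss = parse_tcp_options(tcp[20:(tcp[12] >> 4) * 4])
    df = bool(flags_frag & IP_DF)
    # p0f writes the window as S<n> when it is an exact multiple of the MSS.
    win_tok = f"S{window // mss}" if mss and window % mss == 0 else str(window)
    sig = f"{win_tok}:{guess_initial_ttl(ttl)}:{int(df)}:{total_len}:{','.join(tokens)}"
    return sig, {"ttl": ttl, "df": df, "window": window, "size": total_len, "options": tokens}


def to_snort_rule(fields, sid, label):
    """Approximate p0f-to-Snort conversion using only natively testable
    options.  The TTL is a range from the guessed initial value down 31 hops,
    so the rule still fires on hosts several routers away."""
    init = guess_initial_ttl(fields["ttl"])
    opts = [f'msg:"FP {label} SYN {",".join(fields["options"])}"', "flags:S",
            f"ttl:{init - 31}-{init}", "fragbits:D" if fields["df"] else "fragbits:!D",
            f"window:{fields['window']}", "dsize:0", f"sid:{sid}", "rev:1"]
    return f"alert tcp any any -> any any ({'; '.join(opts)};)"


if __name__ == "__main__":
    for label, pkt in (("Linux-like", build_syn(58, True, 5840, LINUX_LIKE_OPTS)),
                       ("Windows-like", build_syn(117, True, 65535, WINDOWS_LIKE_OPTS))):
        sig, fields = fingerprint_syn(pkt)
        print(sig)
        print(to_snort_rule(fields, 1000000, label))
```

The window keyword in the generated rule is an exact match, which is why p0f's `S<n>` shorthand cannot be carried over directly: one rule per observed window value is the price of using only stock Snort 2 options for the match.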




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users