Snort mailing list archives

Re: How to detect OS with Snort?


From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 8 May 2012 15:23:59 +0100

Hello all

On 08/05/2012 14:26, Borja Luaces wrote:
> Good afternoon,
>
> First of all I have to say that I am new to Snort.
>
> I am trying to create an alert rule to detect the OS but every time
> I try it it seems not to work.

Nick has mentioned nmap but depending on what you're trying to do you
might have better luck with PRADS:
http://gamelinux.github.com/prads/
... or p0f, etc.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT