Snort mailing list archives
Re: geting this rule to work
From: Jeremy Hoel <jthoel () gmail com>
Date: Sun, 2 Dec 2012 01:54:24 -0700
Well.. to some degree this is true. But different OS's have different flags and options set depending on options, OS, versions, etc. In the same way that nmap can figure out OS's by their responses, you could probably write rules that look for those same fingerprints in bit options.
On Sat, Dec 1, 2012 at 9:31 AM, waldo kitty <wkitty42 () windstream net> wrote:
> networking is networking is networking... you can't really write OS specific rules for general tasks like networking...
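Added example (not part of the original thread): a Python sketch of the idea in the reply above, reading the order of TCP options from a SYN header the way passive fingerprinting does. The two layouts in `LAYOUTS`, the helper names and the sample headers are constructed assumptions for illustration, not a signature database.

```python
import struct

# TCP option kinds mapped to short names (p0f-style notation).
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

# Assumed, illustrative SYN option layouts; not a real signature database.
LAYOUTS = {
    "mss,sok,ts,nop,ws": "Linux-like",
    "mss,nop,ws,nop,nop,sok": "Windows-like",
}

def option_layout(tcp_header: bytes) -> str:
    """Return the TCP option kinds of one header, in wire order."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (tcp_header[12] >> 4) * 4          # data offset, in bytes
    if hdr_len < 20 or hdr_len > len(tcp_header):
        raise ValueError("bad data offset")
    opts, kinds, i = tcp_header[20:hdr_len], [], 0
    while i < len(opts):
        kind = opts[i]
        kinds.append(OPT_NAMES.get(kind, f"?{kind}"))
        if kind == 0:                            # end of option list
            break
        if kind == 1:                            # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        i += opts[i + 1]
    return ",".join(kinds)

def guess_os(tcp_header: bytes) -> str:
    return LAYOUTS.get(option_layout(tcp_header), "unknown")

def build_syn(options: bytes, window: int) -> bytes:
    """Build a constructed SYN header (ports/sequence are arbitrary)."""
    assert len(options) % 4 == 0, "options must be 32-bit aligned"
    offset = ((20 + len(options)) // 4) << 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset, 0x02, window, 0, 0) + options

MSS = b"\x02\x04\x05\xb4"                        # MSS 1460
LINUX_SYN = build_syn(MSS + b"\x04\x02" + b"\x08\x0a" + bytes(8) + b"\x01" + b"\x03\x03\x07", 29200)
WINDOWS_SYN = build_syn(MSS + b"\x01" + b"\x03\x03\x08" + b"\x01\x01" + b"\x04\x02", 8192)

if __name__ == "__main__":
    for name, pkt in (("sample A", LINUX_SYN), ("sample B", WINDOWS_SYN)):
        print(name, option_layout(pkt), "->", guess_os(pkt))
```

Both samples carry the same option kinds apart from the timestamp; it is mainly the ordering and NOP padding that separate them, which is the kind of per-stack difference the reply refers to.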