Snort mailing list archives

Re: Virtual Machines and Hypervisors


From: Joel Esler <jesler () sourcefire com>
Date: Tue, 29 Jan 2013 10:53:54 -0500

I haven't worked with p0f in several years, but I don't think p0f would do it naturally. You'd have to have p0f 
identify the different OSes being detected on one IP with multiple MACs, or vice versa.

p0f doesn't do that.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Jan 29, 2013, at 9:26 AM, Mikael Keri <info () prowling nu> wrote:

Forgot to cc the list. See below.
But to follow up: if you can't go the SF way with RNA, there is always p0f. But I still think that my original answer 
would be a way forward for you.

Regards
Mikael

---------- Forwarded message ----------
From: "Mikael Keri" <info () prowling nu>
Date: 29 Jan 2013 15:05
Subject: Re: [Snort-users] Virtual Machines and Hypervisors
To: "Juan Camilo Valencia" <juan.valencia () seguratec com co>

Nmap? Also look in switch logs / DHCP logs for MAC addresses that do not belong to your standard hardware platform.

This might be a better option than using Snort for the detection. That said, there are rules to detect VMware software 
update requests.

Regards 
Mikael

On 29 Jan 2013 14:33, "Juan Camilo Valencia" <juan.valencia () seguratec com co> wrote:
Hi Guys,

I am trying to find a way to ban virtual machines and hypervisors in our network. I did some quick research and I 
didn't find anything.

Can somebody tell me if there is a way or a method to detect that? One of my ideas is to detect that kind of traffic 
when the VM is configured in NAT mode, but the problem is when the VM is configured in bridge mode.

Thanks in advance,

Regards

-- 
JUAN CAMILO VALENCIA VARGAS
Operations Engineer
SeguraTec S.A.S
Calle 11 # 43B-50 of 307
Medellín, Colombia

“Choose a job you love, and you will never have to work a day in your life”

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
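
The DHCP-log check suggested in the thread (MAC addresses that do not belong to the standard hardware platform), sketched as an added example; it is not code from the thread or from Snort. The ISC dhcpd-style line format, the `STANDARD_OUIS` allowlist and the sample lines are assumptions constructed for illustration; the hypervisor prefixes are the vendors' default virtual NIC OUIs.

```python
import re

# Vendors' default OUI prefixes for virtual NIC MAC addresses.
HYPERVISOR_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware",
    "00:50:56": "VMware", "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V",
    "00:16:3e": "Xen", "52:54:00": "QEMU/KVM", "00:1c:42": "Parallels",
}
# Assumption: constructed placeholder OUIs for the site's standard hardware.
STANDARD_OUIS = {"00:11:22", "00:aa:bb"}
# Assumption: ISC dhcpd-style syslog lines ("DHCPACK on <ip> to <mac> ...").
ACK_RE = re.compile(
    r"DHCPACK on (\d+\.\d+\.\d+\.\d+) to ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE)
# Constructed sample input, not real log data.
SAMPLE_LOG = """\
Jan 29 09:01:12 dhcp1 dhcpd: DHCPACK on 10.0.0.21 to 00:11:22:3a:4b:5c (ws-021) via eth0
Jan 29 09:02:40 dhcp1 dhcpd: DHCPACK on 10.0.0.57 to 00:0C:29:9f:10:02 (dev-test) via eth0
Jan 29 09:03:05 dhcp1 dhcpd: DHCPACK on 10.0.0.58 to 08:00:27:44:55:66 via eth0
Jan 29 09:04:18 dhcp1 dhcpd: DHCPACK on 10.0.0.60 to 00:de:ad:01:02:03 (byod) via eth0
Jan 29 09:05:00 dhcp1 dhcpd: DHCPDISCOVER from 00:50:56:aa:bb:cc via eth0
"""

def classify(mac):
    """Label a MAC by its OUI: known hypervisor, site standard, or neither."""
    oui = mac.lower()[:8]
    if oui in HYPERVISOR_OUIS:
        return "hypervisor:" + HYPERVISOR_OUIS[oui]
    return "standard" if oui in STANDARD_OUIS else "non-standard"

def audit(log_text):
    """Return {mac: (verdict, sorted IPs)} for leased MACs that are not standard."""
    leases = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if m:  # only acknowledged leases count as hosts on the network
            leases.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return {mac: (classify(mac), sorted(ips))
            for mac, ips in leases.items() if classify(mac) != "standard"}

if __name__ == "__main__":
    for mac, (verdict, ips) in sorted(audit(SAMPLE_LOG).items()):
        print(mac, verdict, ",".join(ips))
```

Virtual NIC MAC addresses can be changed by the user, so a clean result narrows the search but does not show that no VMs are present.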