Re: Snort OS Fingerprint Scan Detectino

[wkitty42 () windstream net]

On 11/03/2016 11:06 PM, yasir al-ibrahem wrote:
> Hello,
>
> I'm using NMAP to detect the OS type and version of another machine that hosts
> snort.
>
> Snort is able to detect the ICMP tests, but that doesn't clearly indicate that
> an OS fingerprinting attack is taking place.

OS fingerprinting may not be an attack but i can see how it may be undesirable 
in certain circumstances...

> I'm wondering if snort has such a specific alert. and if there's any specific
> configuration for OS fingerprint detection.

i'm not aware of anything specific to detecting OS fingerprinting being 
performed... that doesn't mean that there isn't such, though...


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!