Snort mailing list archives
Re: Snort rule to detect nmap OS scan
From: Alberto Colosi <alcol () hotmail com>
Date: Wed, 29 Mar 2017 22:09:22 +0000
If I'm not wrong, nmap uses different ways to detect the OS. You can sniff or check the IP packets sent on the net so as to create rules for each method.

In any case, don't forget HTTPD and the many various daemons that write out the OS and some other info. If you are concerned about not publishing the OS kind and version, don't forget daemons.

See if it helps: https://nmap.org/book/osdetect.html

Alberto Colosi
ICT NetWork & Security Engineer

________________________________
From: Solomon Melekwe <smelekwe () sleekfm com>
Sent: Wednesday, March 29, 2017 11:25 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Snort rule to detect nmap OS scan

Hi,

I am trying to find a rule to detect nmap os scan. I have rules that detect tcp port scans, but nothing that detects os scan. I need help please.

Sole

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
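Added example, not written by either poster and not taken from the Snort rule set: Snort 2.x rules that apply the "rules for each method" idea in the reply to a few of the fixed probe packets nmap's OS detection sends. The probe header values follow nmap's OS detection documentation (the chapter linked in the reply); the SIDs and msg strings are constructed, and `$EXTERNAL_NET` / `$HOME_NET` are assumed to be defined as in a stock snort.conf.

```snort
# Added example: local rules for fixed nmap OS-detection probe packets.
# SIDs (local range, >= 1000000) and msg strings are constructed.
# flow:stateless lets each rule fire on packets that belong to no
# established session, which is what these probes are.

# T2: no TCP flags set, IP DF set, window 128
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL nmap OS probe T2 (null flags, DF, win 128)"; flow:stateless; flags:0; fragbits:D; window:128; classtype:attempted-recon; sid:1000001; rev:1;)

# T3: SYN+FIN+PSH+URG, IP DF clear, window 256
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL nmap OS probe T3 (SFPU, win 256)"; flow:stateless; flags:SFPU; fragbits:!D; window:256; classtype:attempted-recon; sid:1000002; rev:1;)

# T5: SYN, IP DF clear, window 31337
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL nmap OS probe T5 (SYN, win 31337)"; flow:stateless; flags:S; fragbits:!D; window:31337; classtype:attempted-recon; sid:1000003; rev:1;)

# T7: FIN+PSH+URG, IP DF clear, window 65535
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL nmap OS probe T7 (FPU, win 65535)"; flow:stateless; flags:FPU; fragbits:!D; window:65535; classtype:attempted-recon; sid:1000004; rev:1;)

# U1: UDP datagram carrying exactly 300 bytes of 'C' (0x43).
# The IP ID is not matched here because nmap can only set it on
# platforms that allow it.
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL nmap OS probe U1 (300 x 'C')"; dsize:300; content:"CCCCCCCCCCCCCCCCCCCC"; depth:20; classtype:attempted-recon; sid:1000005; rev:1;)

# T4 and T6 are plain ACKs (DF set, windows 1024 and 32768) and are
# left out: on their own they match too much ordinary traffic.
```

A single hit is weak evidence; several of these SIDs from one source address within a few seconds is the pattern an OS scan produces.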
Current thread:
- Snort rule to detect nmap OS scan Solomon Melekwe (Mar 29)
- Re: Snort rule to detect nmap OS scan Alberto Colosi (Mar 29)