04-23-2008 09:17 AM - edited 03-10-2019 04:04 AM
Hi all!
My IDS isn't able to distinguish between 3045 NMAP OS Fingerprint and 3002 TCP SYN Port Sweep. It only shows me the port sweep.
I use NMAP and I put in the command -O and make a quick scan.
Why is this so? And how can I change this?
Thank you all.
04-23-2008 11:40 AM
I'll ask the signature team to take a look at 3046 NMAP OS Fingerprint. My quick glance leads me to think that it's missing a piece of signature info.
SC
04-23-2008 07:27 PM
The signature team tested the signature and said that it's working as expected. They reported that it fires (short run):
Sig 1315.0 = 2
Sig 1330.12 = 14
Sig 3002.0 = 1
Sig 3040.0 = 8
Sig 3041.0 = 8
Sig 3046.0 = 15 <- nmap sig.
Sig 6187.0 = 3
You might check to see if you have any drop or modify actions on any of the other signatures... they could be compromising the detection.
SC
04-24-2008 12:35 AM
I have dropped all modifications and have tested it again, but nothing; only the sweep was in the event viewer.
How does the team test the signature 3046?
I do it with NMAP and the option -O.
But thank you so much for your response!
miri
04-24-2008 10:02 AM
04-24-2008 11:33 AM
Hi, thank you.
I have downloaded Metasploit but I can't find any exploit for the fingerprint. Do you know which one it is?
I'm sorry, I am new to security things! ;)
04-25-2008 01:00 PM
I've been told that you have to download the latest version for Windows. It is supposed to ask if you want to install a bundle called "nmapfe" or something...apparently that installs nmap and a front-end for it. I haven't installed it before...so your mileage may vary.
SC