Wednesday, December 13, 2006

Using IDS to monitor versions

This probably isn't a new idea per se, but I've started experimenting with using our network IDS to monitor patch levels on certain applications. The "low-hanging fruit" in my case happens to be Thunderbird, which advertises its version number in the User Agent field of every email it sends. So, I write a Snort rule to flag versions that are less than the one I want (currently, and generate an alert.
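The same check can be run offline over captured mail, as an added example that is not the Snort rule from this post: it pulls the Thunderbird version out of the User-Agent header and compares it numerically against a minimum. The minimum version and the sample messages are constructed placeholders, since the post does not give the actual threshold.

```python
import re
from email.parser import HeaderParser

# Accepts both "Thunderbird 1.5.0.8" and "... Thunderbird/2.0.0.9" forms.
TB_VERSION = re.compile(r"Thunderbird[ /](\d+(?:\.\d+)*)", re.IGNORECASE)

def thunderbird_version(raw_message):
    """Return the sender's Thunderbird version as a tuple of ints, or None."""
    headers = HeaderParser().parsestr(raw_message)
    # Header lookup is case-insensitive; split/join undoes header folding.
    agent = " ".join(headers.get("User-Agent", "").split())
    match = TB_VERSION.search(agent)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))

def is_outdated(version, minimum):
    """Compare numerically, padding with zeros so 1.5 equals 1.5.0.0."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(minimum)

def check_messages(messages, minimum):
    """Return (index, version) for every message sent by an older Thunderbird."""
    alerts = []
    for index, raw in enumerate(messages):
        version = thunderbird_version(raw)
        if version is not None and is_outdated(version, minimum):
            alerts.append((index, ".".join(str(n) for n in version)))
    return alerts

# Constructed placeholder threshold, not the value used in the post.
MINIMUM = (1, 5, 0, 8)

# Constructed sample messages (headers, blank line, body).
SAMPLES = [
    "From: a@example.com\r\nUser-Agent: Thunderbird 1.5.0.8 (Windows/20061025)\r\n\r\nbody",
    "From: b@example.com\r\nuser-agent: Thunderbird 1.0.2 (X11/20050317)\r\n\r\nbody",
    # No User-Agent header; a mention in the body must not trigger an alert.
    "From: c@example.com\r\nX-Mailer: OtherClient 3.1\r\n\r\nThunderbird 0.1 in body",
    # Folded header using the slash form of the version token.
    "From: d@example.com\r\nUser-Agent: Mozilla/5.0 (X11) Gecko/20071031\r\n Thunderbird/2.0.0.9\r\n\r\nbody",
]

if __name__ == "__main__":
    for index, version in check_messages(SAMPLES, MINIMUM):
        print(f"ALERT message {index}: Thunderbird {version} is below the minimum")
```

A regex-only IDS rule cannot do the numeric comparison, so it has to enumerate the old version strings instead, and it needs updating each time the minimum moves.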


