[Oisf-users] Doubts about IoT

David Sussens dsussens at gmail.com
Fri Apr 13 10:24:20 UTC 2018

A possible solution is scripting a network wide NMAP scan and using -sV to
grab banners.  That would give a general understanding of what the devices
on your network are, and what they are doing.

This will leave a pretty large footprint and generate a fair amount of
traffic depending on the number of devices out there though and assumes
that the IOT device is not running some sort of firewall.

Some of the NMAP plugins might give further information as well, and the -O
"OS fingerprinting" plugin can give some interesting information, but is
not 100% accurate.

A better long term solution would be to have a central syslog server that
you can get your network equipment to log to, to determine when new devices
are deployed on the network.

David Sussens.

On Thu, Apr 12, 2018 at 8:49 PM, Rildo Souza <rildo.souza at rnp.br> wrote:

> Hello people,
> I would like to know if anybody has information how is possible to
> identify IoT devices at my network.
> Someone know any plugin or rule to identify ?
> Best Regards,
> Rildo Antonio de Souza
> Analista de Seguran├ža
> Centro de Atendimento a Incidentes de Seguran├ža - CAIS
> Rede Nacional de Ensino e Pesquisa - RNP
> (19) 3787-3368 - http://www.rnp.br/cais
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180413/412a3096/attachment.html>

More information about the Oisf-users mailing list