Traditionally, intrusion detection systems (IDS) such as Snort have been used to monitor attacks against or within a network. This talk will outline how to turn those tools around and use them to audit networks instead. We will discuss how to identify OSes, tell who is patching, see what services are being deployed (perhaps insecurely), and apply other methods of policy enforcement. This discussion is ideally suited for administrators and security professionals in open and/or decentralized environments, especially those charged with auditing the network. While several signatures and sample scripts will be discussed during this talk, this is a relatively new area of auditing and network security, so questions, comments and volunteers will all be welcome.