IDS mailing list archives

Re: SNORT: MAC Address Alert

From: noconflic <nocon () texas-shooters com>
Date: Fri, 19 Sep 2003 15:31:58 -0500

[bmcgary () secondfront net] Fri, Sep 19, 2003 at 08:54:34AM -0500 wrote:

Why don't you setup DHCP reservations for the two MAC addresses and assign
them specific IPs? Once the users acquire the known IPs you can track their
activity using Snort and or block traffic at the firewall. I'm assuming
you're using DHCP.


   This can eaily be defeated by manually configureing the IP/Subnet/Gateway
   on the offending machines. Assuming of course they are that smart wich 
   by the looks of it, are not if they are sending spam out of a company 
   network. heh ;-)

- nocon

---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to: 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo 
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------

Current thread:

SNORT: MAC Address Alert James Williams (Sep 18)
- Re: SNORT: MAC Address Alert Jordan Wiens (Sep 19)
  - Re: SNORT: MAC Address Alert Jordan Wiens (Sep 22)
- Re: SNORT: MAC Address Alert Mark Coleman (Sep 19)
- Re: SNORT: MAC Address Alert noconflic (Sep 19)
- Re: SNORT: MAC Address Alert Florin Andrei (Sep 19)
- Re: SNORT: MAC Address Alert Brad McGary (Sep 19)
  - Re: SNORT: MAC Address Alert noconflic (Sep 22)
    - Re: SNORT: MAC Address Alert Maxime Ducharme (Sep 22)
- <Possible follow-ups>
- RE: SNORT: MAC Address Alert Jorge Coll (Sep 22)