IDS mailing list archives
Re: SNORT: MAC Address Alert
From: noconflic <nocon () texas-shooters com>
Date: Fri, 19 Sep 2003 15:31:58 -0500
[bmcgary () secondfront net] Fri, Sep 19, 2003 at 08:54:34AM -0500 wrote:
Why don't you setup DHCP reservations for the two MAC addresses and assign them specific IPs? Once the users acquire the known IPs you can track their activity using Snort and or block traffic at the firewall. I'm assuming you're using DHCP.
This can eaily be defeated by manually configureing the IP/Subnet/Gateway on the offending machines. Assuming of course they are that smart wich by the looks of it, are not if they are sending spam out of a company network. heh ;-) - nocon --------------------------------------------------------------------------- Captus Networks IPS 4000 Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance Policies FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101 ---------------------------------------------------------------------------
Current thread:
- SNORT: MAC Address Alert James Williams (Sep 18)
- Re: SNORT: MAC Address Alert Jordan Wiens (Sep 19)
- Re: SNORT: MAC Address Alert Jordan Wiens (Sep 22)
- Re: SNORT: MAC Address Alert Mark Coleman (Sep 19)
- Re: SNORT: MAC Address Alert noconflic (Sep 19)
- Re: SNORT: MAC Address Alert Florin Andrei (Sep 19)
- Re: SNORT: MAC Address Alert Brad McGary (Sep 19)
- Re: SNORT: MAC Address Alert noconflic (Sep 22)
- Re: SNORT: MAC Address Alert Maxime Ducharme (Sep 22)
- Re: SNORT: MAC Address Alert noconflic (Sep 22)
- <Possible follow-ups>
- RE: SNORT: MAC Address Alert Jorge Coll (Sep 22)
- Re: SNORT: MAC Address Alert Jordan Wiens (Sep 19)