Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Using Snort for Wireless

From: Skip Carter <skip () taygeta com>
Date: Wed, 03 Apr 2002 10:10:23 -0800


Has anyone thought of using Snort specifically geared towards wireless? I
would think that rules can be written specifically towards wireless use
(like writing a rule to look for 'All your 802.11 belong to us' to look for
Netstumblers?).


   I suppose you could use Snort for this, but other security 
tools/applications
   seem to be better suited to this task.  For example, you might configure 
Snort
   to generate an alert when an unauthorized IP address is originating data on 
the
   WLAN, but your WLAN firewall should already be doing this (it also won't get
   triggered if the intruder uses a legitimate IP).

   If Snort watched MAC addresses, it might be useful for detecting 
unauthorized
   interfaces running on the WLAN. Again, a firewall or a program like 
Arpwatch can
   provide this. (this monitoring can also be defeated by a determined WLAN 
intruder).


 
-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip () taygeta com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            












_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: