Snort mailing list archives
Re: Using Snort for Wireless
From: Skip Carter <skip () taygeta com>
Date: Wed, 03 Apr 2002 10:10:23 -0800
Has anyone thought of using Snort specifically geared towards wireless? I would think that rules can be written specifically towards wireless use (like writing a rule to look for 'All your 802.11 belong to us' to look for Netstumblers?).
I suppose you could use Snort for this, but other security tools/applications seem to be better suited to this task. For example, you might configure Snort to generate an alert when an unauthorized IP address is originating data on the WLAN, but your WLAN firewall should already be doing this (it also won't get triggered if the intruder uses a legitimate IP). If Snort watched MAC addresses, it might be useful for detecting unauthorized interfaces running on the WLAN. Again, a firewall or a program like Arpwatch can provide this. (this monitoring can also be defeated by a determined WLAN intruder). -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skip () taygeta com 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Using Snort for Wireless Lists (Apr 03)
- Re: Using Snort for Wireless Mike Craik (Apr 03)
- Re: Using Snort for Wireless james (Apr 03)
- Re: Using Snort for Wireless Skip Carter (Apr 03)
- Re: Using Snort for Wireless Erek Adams (Apr 03)
- Re: Using Snort for Wireless Aaron Richard Walters (Apr 04)
- Re: Using Snort for Wireless Mike Craik (Apr 04)
- Re: Using Snort for Wireless Nick Petroni (Apr 04)
- what would be the appropriate thing to do? Onie Camara (Apr 04)