Snort mailing list archives
Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!)
From: Michael Boman <michael.boman () securecirt com>
Date: 17 Jun 2003 13:22:32 +0800
On Tue, 2003-06-17 at 12:23, Atul Shrivastava wrote:
Hello, There is one feature which is lacking in Snort. The feature is such that we can make rule based on the MAC address. I mean to say that I will make a pool of valid MAC addresses and then if any of the MAC addresses doesn't match with this MAC address pool then a alert has been generated for that. For that it is required to add one more preprocessor and then in that preprocessor we have to manually add the MAC addresses. Is it possible, because this feature is not there in any of the leading IDS. This feature solves the problem that if anyone comes to your internal LAN physically with this laptop and then plugs his laptop into the internal LAN and takes a valid IP from some employess on personal basis and try to copy some important and confidential data from the network or try to do something illegal in the network, if this feature is there then he bill be caught by that thing. Any sugessions are welcome.
Why not run arpwatch? Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT Pte Ltd http://www.securecirt.com
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- New Feature based on MAC address filterig (Possible !!!!!) Atul Shrivastava (Jun 17)
- Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!) Frank Knobbe (Jun 16)
- Re: Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!) David Alonso De La Vega Tapage (Jun 17)
- Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!) Michael Boman (Jun 16)
- Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!) Frank Knobbe (Jun 16)