Re: Taking Down Wifi

[Martin Roesch <roesch () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's a known bug on MBP's.  For what it's worth, it happens to me on  
my MBP too and I curse it mightily whenever I forget and start a  
sniffer on the wireless interface by accident.

 From the wireshark lists:

http://www.mail-archive.com/wireshark-users () wireshark org/msg00803.html

Apple uses Snort internally, maybe I can lob a query in there and  
they'll leap into action.  (And maybe Steve Jobs will give me a  
personal call to thank me.  I can always dream....)

        -Marty

On Aug 29, 2007, at 9:32 AM, Quantum Scientific wrote:

> I've turned off promiscuous.  Same problem.  Gotta ditch Snort.
>
>
> On 29 Aug, 2007, at 04:06, Dev Null wrote:
>
> > > I have no idea :(. All I know is that passive sniffing and being  
> > > connected at the same time just do not work.
> >
> > Kismet and company switch channels in order to scan, which  
> > automatically drops you from whatever AP you were connected to on  
> > the (now) old channel.
> >
> > Not sure why just firing up snort would drop AP. I suspect the  
> > driver sees the card is now in promiscuous mode and decides it  
> > needs to reset the card / AP association.
> >
> > Kinda weird. I do wifi sniffing w/ snort and kismet all the time.  
> > Kismet drops AP as expected. Snort never does.
> > --------------------------------------------------------------------- 
> > ----
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems?  Stop.
> > Now Search log events and configuration files using AJAX and a  
> > browser.
> > Download your FREE copy of Splunk now >>  http://get.splunk.com/ 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> ---------------------------------------------------------------------- 
> ---
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a  
> browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/ 
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFG1X/uqj0FAQQ3KOARAudVAJ0eEB1TOmpfI6KA7nvhvR1SLJ1MIQCbBHmo
R7IBYFlzZu63biNXcdGfsbQ=
=h9FT
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users