Re: Using snort to detect ethercat

[Martin Holste <mcholste () gmail com>]

That's an interesting problem.  If your networking gear is noticing
the problems, your best bet might be to make sure that they are
generating traps/syslog when this happens and then have a simple trap
receiver send you an email.

On Thu, Jan 27, 2011 at 5:04 AM, Bouma, Wobbe <wobbe.bouma () nl imptob com> wrote:
> Hello All,
>
>
>
> I’ve just setup snort on Ubuntu 10.04.1 using the manual on the snort.org
> website. (I also added B.A.S.E.)
>
> So you can say I’m pretty new to snort, and therefore have lots of
> questions.
>
> My main goal of this little project on mine is to detect layer 2 ethercat
> frames and then sent me an email alert.
>
> Last week some engineers hooked up some beckhoff equipment to the network
> and that caused a lot of ethercat broadcast traffic.
>
> This caused some problems, for example a few switches stopped responding and
> the wireless AP’s didn’t forward DHCP anymore.
>
> Is it possible to detect layer 2 ethercat frames with Snort and if so can
> someone help me out with a rule for this?
>
> And what would be the best way to get email alerts?
>
>
>
> Kind regards,
>
>
>
> WB
>
>
>
>
>
> ________________________________
> Imperial Tobacco Limited and Group Companies
> www.imperial-tobacco.com
> This email is confidential and may contain information that is privileged
> and exempt from disclosure by law. If you have received it in error, please
> contact the sender immediately by return email and then delete it from your
> system; you should not copy it or disclose its contents to anyone. Imperial
> Tobacco Limited and Group Companies reserve the right to monitor all email
> communications through their networks. Emails are not secure and cannot be
> guaranteed to be error free as they can be intercepted, amended, lost or
> destroyed, or contain viruses. Anyone who communicates with us by email is
> taken to accept these risks.
> ________________________________
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users