Snort mailing list archives

Re: support for OLSR protocol in Snort


From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Mon, 8 Aug 2011 17:07:34 -0400

I didn't spend too much time reading RFC 3626, but it seems that OLSR
always rides on IP/UDP, so a dynamic preprocessor is probably your
best way to go about this.

Cheers,
-matt

On Wed, Aug 3, 2011 at 3:28 PM, Vic O <bugtrack2 () gmail com> wrote:
Hello all, I'm planning to develop a signature-based IDS for OLSR using
Snort as my detection engine. For a very brief background, OLSR is a
wireless ad-hoc routing protocol that is derived from OSPF. For now, I am
keeping it simple, so I do not plan to have router communication during
the detection process.
My question is this: how should I approach this? That is, should I simply
make it a Snort plugin (OLSR messages are sent to/from port 698 using UDP),
or should I attempt to directly add OLSR functionality, treating it like
protocols like TCP/ICMP? Any suggestions?
Regards,
Vic
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

-- 
Matthew Watchinski
V.P. Vulnerability Research (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-blog.snort.org && http://www.snort.org/vrt/
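
As an added illustration of the decoding a preprocessor would have to do on each UDP port 698 payload (not code from this thread or from Snort), here is a bounds-checked decoder for the RFC 3626 packet header and IPv4 message headers. The function, struct and sample bytes are constructed for this example, and no Snort API is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define OLSR_PKT_HDR 4   /* Packet Length + Packet Sequence Number */
#define OLSR_MSG_HDR 12  /* message header with an IPv4 originator */

typedef struct {
    uint8_t  type, ttl, hops;   /* type: 1 HELLO, 2 TC, 3 MID, 4 HNA */
    uint16_t size, seq;
    uint32_t originator;        /* host byte order */
} olsr_msg;

/* Constructed sample: one HELLO and one TC from 10.0.0.1 (not a capture). */
static const uint8_t olsr_sample[36] = { 0x00,0x24,0x00,0x01,
    0x01,0x05,0x00,0x10, 0x0a,0x00,0x00,0x01, 0x01,0x00,0x00,0x07, 0x00,0x00,0x05,0x03,
    0x02,0x05,0x00,0x10, 0x0a,0x00,0x00,0x01, 0xff,0x00,0x00,0x08, 0x00,0x01,0x00,0x00 };
/* Constructed malformed packet: a Message Size of 0 would stall a naive loop. */
static const uint8_t olsr_zero_size[16] = {
    0x00,0x10,0x00,0x02, 0x01,0x05,0x00,0x00, 0x0a,0x00,0x00,0x01, 0x01,0x00,0x00,0x09 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Returns the number of messages written to out[]; -1 if the packet is
 * malformed, truncated, or holds more than max messages. */
int olsr_decode(const uint8_t *buf, size_t len, olsr_msg *out, int max) {
    if (len < OLSR_PKT_HDR + OLSR_MSG_HDR) return -1;
    size_t pkt_len = rd16(buf), off = OLSR_PKT_HDR;
    /* Packets with no room for a message are discarded; never read past len. */
    if (pkt_len < OLSR_PKT_HDR + OLSR_MSG_HDR || pkt_len > len) return -1;
    int n = 0;
    while (off < pkt_len) {
        const uint8_t *m = buf + off;
        if (pkt_len - off < OLSR_MSG_HDR || n == max) return -1;
        size_t msg_size = rd16(m + 2);
        /* Size must cover its own header (forward progress) and fit the packet. */
        if (msg_size < OLSR_MSG_HDR || msg_size > pkt_len - off) return -1;
        out[n].type = m[0];
        out[n].size = (uint16_t)msg_size;
        out[n].originator = ((uint32_t)m[4] << 24) | ((uint32_t)m[5] << 16) |
                            ((uint32_t)m[6] << 8) | m[7];
        out[n].ttl = m[8]; out[n].hops = m[9];
        out[n].seq = rd16(m + 10);
        n++; off += msg_size;
    }
    return n;
}

int main(void) {
    olsr_msg msgs[8];
    printf("sample: %d\n", olsr_decode(olsr_sample, sizeof olsr_sample, msgs, 8));
    printf("zero-size: %d\n", olsr_decode(olsr_zero_size, sizeof olsr_zero_size, msgs, 8));
    return 0;
}
```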
