[Snort-devel] New Feature based on MAC address filterig (Possible !!!!!)
Roy S. Rapoport
snort-users at ...2006...
Thu Jun 19 09:16:41 EDT 2003
On Tue, Jun 17, 2003 at 10:06:08AM +0100, Keith R Kilby wrote:
> Sorry, but I would have disagree, in my experience anybody attaching to
> the network and stealing a
> valid IP from your network would only be detectable by checking the MAC
> address. So it must be
> function of the Intrusion Detection System to report such occurrences.
I completely agree with Mr.Kilby on this point.
Further, I know that in our own enterprise, we've found that the vast
majority of people who attempt an intrusion into our premises start at a
window or door, which is why I think it's absolutely critical that Snort
be modified so it can better interface with alarm systems and cameras.
Ideally, I'd like a preprocessor that compares the faces of people
attempting entry to a database of known 'good' (and perhaps 'bad', also)
images and alerts appropriately.
More information about the Snort-devel