[Snort-devel] New Feature based on MAC address filterig (Possible !!!!!)

Roy S. Rapoport snort-users at ...2006...
Thu Jun 19 09:16:41 EDT 2003

On Tue, Jun 17, 2003 at 10:06:08AM +0100, Keith R Kilby wrote:
> Sorry, but I would have disagree, in my experience anybody attaching to 
> the network and stealing a
> valid IP from your network would only be detectable by checking the MAC 
> address. So it must be
> function of the Intrusion Detection System to report such occurrences.

I completely agree with Mr.Kilby on this point.

Further, I know that in our own enterprise, we've found that the vast
majority of people who attempt an intrusion into our premises start at a
window or door, which is why I think it's absolutely critical that Snort
be modified so it can better interface with alarm systems and cameras.
Ideally, I'd like a preprocessor that compares the faces of people
attempting entry to a database of known 'good' (and perhaps 'bad', also)
images and alerts appropriately.  


More information about the Snort-devel mailing list