[Snort-devel] support for OLSR protocol in Snort

Matt Watchinski mwatchinski at ...402...
Mon Aug 8 17:07:34 EDT 2011


I didn't spend too much time reading rfc3626, but it seems that OLSR
always rides on IP/UDP, so a dynamic preprocessor is probably your
best way to go about this.

Cheers,
-matt

On Wed, Aug 3, 2011 at 3:28 PM, Vic O <bugtrack2 at ...2499...> wrote:
> Hello all, I'm planning to develop a signature-based IDS for OLSR using
> Snort as my detection engine. For a very
> brief background, OLSR is a wireless ad-hoc routing protocol that is derived
> from OSPF. For now, am keeping it simple,
> so I do not plan to have router communication during the detection process.
> My question is this: how should I approach this?
> That is, should I simply make it a snort plugin (OLSR messages are sent
> to/from port 698 using UDP), or should I attempt
> to directly add OLSR functionality, treating it like protocols like
> TCP/ICMP? Any suggestions?
> Regards,
> Vic
> ------------------------------------------------------------------------------
> BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
> The must-attend event for mobile developers. Connect with experts.
> Get tools for creating Super Apps. See the latest technologies.
> Sessions, hands-on labs, demos & much more. Register early & save!
> http://p.sf.net/sfu/rim-blackberry-1
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>



-- 
Matthew Watchinski
V.P. Vulnerability Research (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-blog.snort.org && http://www.snort.org/vrt/




More information about the Snort-devel mailing list