[Snort-users] wireless capabilities

Ibarra, Michael m.ibarra at ...7065...
Wed Oct 23 11:44:04 EDT 2002


-----Original Message-----
From: Florin Andrei [mailto:florin at ...3506...]
Sent: Wednesday, October 23, 2002 2:07 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] wireless capabilities

Are there any plans to include some serious wireless capabilities in

At the bare minimum, an IDS with WiFi capabilities should be able to
- 802.11 Probe Request packets: this is to detect ad-hoc networks, spy
WiFi cards, etc.
- 802.11 Beacon frames: this is to detect rogue access points
Of course, more sophisticated criteria could be considered, including
the detection of unauthorised clients, etc.

Snorting with a WiFi card close to your parking lot is not only fun,
it's actually extremely healthy. ;-)

Note: i am aware Snort is focused on layer 3+, and i am aware that some
people might consider snorting the copper wire to the access points
instead. However, a true WiFi IDS is something that's badly needed these

Florin Andrei

I hope you're not that kind of person, who at the same time
praises the BSD license, but bitches at monopolies.

This sf.net email is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list