[Snort-users] wireless capabilities
m.ibarra at ...7065...
Wed Oct 23 11:44:04 EDT 2002
From: Florin Andrei [mailto:florin at ...3506...]
Sent: Wednesday, October 23, 2002 2:07 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] wireless capabilities
Are there any plans to include some serious wireless capabilities in
At the bare minimum, an IDS with WiFi capabilities should be able to
- 802.11 Probe Request packets: this is to detect ad-hoc networks, spy
WiFi cards, etc.
- 802.11 Beacon frames: this is to detect rogue access points
Of course, more sophisticated criteria could be considered, including
the detection of unauthorised clients, etc.
Snorting with a WiFi card close to your parking lot is not only fun,
it's actually extremely healthy. ;-)
Note: i am aware Snort is focused on layer 3+, and i am aware that some
people might consider snorting the copper wire to the access points
instead. However, a true WiFi IDS is something that's badly needed these
I hope you're not that kind of person, who at the same time
praises the BSD license, but bitches at monopolies.
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users