[Snort-users] wireless capabilities

Ibarra, Michael m.ibarra at ...7065...
Wed Oct 23 11:44:04 EDT 2002


airsnort?

-----Original Message-----
From: Florin Andrei [mailto:florin at ...3506...]
Sent: Wednesday, October 23, 2002 2:07 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] wireless capabilities


Are there any plans to include some serious wireless capabilities in
Snort?

At the bare minimum, an IDS with WiFi capabilities should be able to
detect:
- 802.11 Probe Request packets: this is to detect ad-hoc networks, spy
WiFi cards, etc.
- 802.11 Beacon frames: this is to detect rogue access points
Of course, more sophisticated criteria could be considered, including
the detection of unauthorised clients, etc.

Snorting with a WiFi card close to your parking lot is not only fun,
it's actually extremely healthy. ;-)

Note: i am aware Snort is focused on layer 3+, and i am aware that some
people might consider snorting the copper wire to the access points
instead. However, a true WiFi IDS is something that's badly needed these
days.

-- 
Florin Andrei

I hope you're not that kind of person, who at the same time
praises the BSD license, but bitches at monopolies.



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0002en

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list