[Snort-users] snort + libradiate + inline?

Erek Adams erek at ...950...
Wed Sep 17 05:44:06 EDT 2003


On Mon, 15 Sep 2003, jon baer wrote:

> has anyone seen anything like the such where something could be done for
> deassociating + blocking clients off a wireless lan?
>
> id think in a chain ur write something like (just an idea):
>
> -A INPUT -s 192.168.0.10 -j DEASSOCIATE
>
> im guessing in snort you'd fit it into the flex-resp/inline response:
>
> drop tcp 192.168.0.10 any -> any any (resp: deassociate;)
>
> im just looking to see if there are other doing anything likewise in terms
> of active wireless response.

Wlan + OpenBSD + AuthPF == Solution

Check it out, you'll be impressed.  I know I was!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list