[Snort-devel] New Feature based on MAC address filterig (Possible !!!!!)

From: Atul Shrivastava <atul_iet(at)yahoo.com>
Date: Tue Jun 17 2003 - 00:23:03 EDT

Hello,  

There is one feature which is lacking in Snort.  

The feature is such that we can make rule based on the MAC address. I mean to say that I will make a pool of valid MAC addresses and then if any of the MAC addresses doesn't match with this MAC address pool then a alert has been generated for that. For that it is required to add one more preprocessor and then in that preprocessor we have to manually add the MAC addresses. Is it possible, because this feature is not there in any of the leading IDS.  

This feature solves the problem that if anyone comes to your internal LAN physically with this laptop and then plugs his laptop into the internal LAN and takes a valid IP from some employess on personal basis and try to copy some important and confidential data from the network or try to do something illegal in the network, if this feature is there then he bill be caught by that thing.  

Any sugessions are welcome.  

Regards and have a nice day,  

Atul Shrivastava    

---

Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!

---

This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

---

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Tue Jun 17 00:37:02 2003