Hosting Provided By

RE: [Snort-devel] New Feature based on MAC address filterig (Poss ible !!!!!)

From: Atul Shrivastava <atul_iet(at)yahoo.com>
Date: Wed Jun 18 2003 - 11:09:47 EDT

Hello,

Yes, that is the real scenario ....

When one attacher tries to attach from internet then attack signatures are there to detect it because if he wants to do file copyig then the firewall will stop him, so no fear of that guy,,, but let think that if someone enters into or network physically (LAN) and puts a valid IP and then transfer a file which is not a attach then it is also a security breach and it is also called an intrusion in terms on managers.

Also when people are trying to get from some other wan network their MAC address has been changed by our network WAN gateway that anyway we can authenticate that he is a valid person and if that traffic enters in the network then it will not generate alerts due to MAC filtering because that traffic has the valid MAC and this MAC is of out GATEWAY WAN interface that we can give in the MAC table.

So I think that new MAC in the network is really a big threat because now the network is anyway going to be mobile as you are saying because of wireless networks and due to most of the employees purchasing laptops....

This will really help the intrusion from the internal network.

Regards,

Atul Shrivastava

Robert Wagner <rwagner@eruces.com> wrote:
> Yes, arpwatch and snort can coexist (or at least
> <http://pa.yahoo.com/*http://rd.yahoo.com/evt=1207/*http://promo.yahoo.com/s
> bc/> Yahoo! DSL - Now only $29.95 per month!

Do you need help?

Regards and have a nice day,

                           Atul Shrivastava






__________________________________

Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com

This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Wed Jun 18 11:25:15 2003

This message: [ Message body ]
Next message: Erek Adams: "Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!)"
Previous message: Rich Adamson : "RE: [Snort-devel] New Feature based on MAC address filterig (Poss ible !!!!!)"
In reply to Robert Wagner: "RE: [Snort-devel] New Feature based on MAC address filterig (Poss ible !!!!!)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:06 EDT