Re: [Snort-users] Layer 2 Rules Capability
At 12:44 AM 4/5/2004, Kim Wall wrote:
>Does anyone know if there is a plug-in for Snort that allows the ability
>to create layer-2 rules (i.e. MAC-based)?

AFAIK the only layer-2 component of snort is the arpspoof preprocessor.

Quite frankly, it would be nice if snort added an "ethernet" option to the list of protocols, allowing rule writers to go down to the raw ethernet frame, instead of starting at the IP header. Using byte offsets, this would facilitate at least crude rules for all kinds of non-IP packet types (i.e. ARP, IPX, etc.).

However, I'm not sure if the snort code is structured to handle this change; I think it's currently set up in a very "starting at layer-3 as IPv4" centric way.
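The byte-offset matching on raw Ethernet frames that the reply proposes, shown as an added illustration that is not part of the original post and is not Snort code: the rule format, function names and sample frames are all constructed for this example. It strips an 802.1Q VLAN tag before matching, because a tag shifts the EtherType by four bytes and would break fixed offsets.

```python
def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

# Offsets from frame start: 0-5 dst MAC, 6-11 src MAC, 12-13 EtherType.
GATEWAY_MAC = mac("00:11:22:33:44:55")  # constructed value
RULES = [  # hypothetical rule format, not Snort syntax
    {"name": "ARP not sent by the gateway MAC",
     "must": [(12, b"\x08\x06")],        # EtherType 0x0806 = ARP
     "must_not": [(6, GATEWAY_MAC)]},    # source MAC is the gateway
    {"name": "IPX frame", "must": [(12, b"\x81\x37")]},  # EtherType 0x8137 = IPX
]

def untag(frame):
    """Drop one 802.1Q tag (TPID 0x8100 + 2-byte TCI) so the fixed offsets still hold."""
    if frame[12:14] == b"\x81\x00":
        return frame[:12] + frame[16:]
    return frame

def at(frame, offset, expected):
    """True only if `expected` sits at `offset`; short frames never match."""
    return frame[offset:offset + len(expected)] == expected

def evaluate(raw, rules=RULES):
    """Return the names of all rules the raw frame triggers."""
    frame = untag(raw)
    if len(frame) < 14:                  # no complete Ethernet header
        return []
    return [r["name"] for r in rules
            if all(at(frame, o, b) for o, b in r["must"])
            and not any(at(frame, o, b) for o, b in r.get("must_not", []))]

def build(dst, src, ethertype, payload=b"", vlan=None):
    """Build a constructed Ethernet II frame for the demo."""
    tag = (b"\x81\x00" + vlan.to_bytes(2, "big")) if vlan is not None else b""
    return mac(dst) + mac(src) + tag + ethertype + payload

BCAST = "ff:ff:ff:ff:ff:ff"
SAMPLES = {  # constructed frames
    "arp_gateway": build(BCAST, "00:11:22:33:44:55", b"\x08\x06", bytes(28)),
    "arp_other": build(BCAST, "de:ad:be:ef:00:01", b"\x08\x06", bytes(28)),
    "arp_other_vlan": build(BCAST, "de:ad:be:ef:00:01", b"\x08\x06", bytes(28), vlan=10),
    "ipx": build(BCAST, "de:ad:be:ef:00:02", b"\x81\x37", b"\xff\xff"),
    "truncated": mac(BCAST) + b"\x00\x11",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} {evaluate(raw)}")
```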