Snort mailing list archives
RE: Wireless IDS setup experience
From: "William Fitzgerald" <wfitzgerald () tssg org>
Date: Fri, 18 Feb 2005 09:48:18 -0000
I am not sure either, but when I was asking about it no one responded saying that snort has integrated it. Also, the front ends such as BASE and ACID don't show wireless graphs in a percentage bar graph like they do for UDP and TCP traffic. So I am not sure.

Regards,
Will.

Mr. William M. Fitzgerald (MSc, BSc),
Applied Researcher,
Telecommunications Software & Systems Group,
Waterford Institute of Technology,
Cork Rd.
Waterford.
Office Ph: +353 51 302937
Mobile Ph: +353 87 9527083
Web: www.williamfitzgerald.org/

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of sam wun
Sent: 18 February 2005 09:48
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Wireless IDS setup experience

Hi,

I got snort 2.30, which mentioned it supports wireless IDS:

# grep -r wireless *
pkg-plist:%%PORTDOCS%%%%DOCSDIR%%/README.wireless
work/snort-2.3.0/ChangeLog: - wireless arp printing fix
work/snort-2.3.0/src/decode.c: * Purpose: Decode those fun loving wireless LAN packets, one at a time!
work/snort-2.3.0/src/decode.c: /* lay the wireless structure over the packet data */
work/snort-2.3.0/src/decode.h: WifiHdr *wifih; /* wireless LAN header */
work/snort-2.3.0/src/log.c: * wireless protocol */
work/snort-2.3.0/src/snort.h: /* wireless statistics */
work/snort-2.3.0/src/win32/WIN32-Includes/NET/Bpf.h:#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
work/snort-2.3.0/doc/Makefile.am:README.wireless PROBLEMS RULES.todo WISHLIST faq.pdf faq.tex
work/snort-2.3.0/doc/Makefile.in:README.wireless PROBLEMS RULES.todo WISHLIST faq.pdf faq.tex
work/snort-2.3.0/doc/signatures/1966.txt:This event is generated when an attempt is made to discover sensitive information associated with a Global Sun Technology wireless access point.

And the README.wireless said that:

Regular Snort, wireless interface:
---------------------------------
To use Snort over a wireless interface in RFMON mode, simply set the card to that mode and start snort with the usual -i <interface> flag.

How is sniffing in RFMON mode different from sniffing in Ethernet emulation mode (that is, the mode the card is usually in when you are operating on your own network)? In RFMON mode the card is associated with no particular network, rather it listens to all traffic it can see from any device using 802.11 within range. Similar to using different Virtual LANs on the same piece of wire, many 802.11 networks operate in the same area.

For those interested in monitoring only their own network, it is recommended that they leave their wireless card in Ethernet emulation mode. This is no different than snort in the wired environment (and, in fact snort won't even know the difference). For those interested in monitoring all wireless networks within range, RFMON mode should be used.
...

I'm not sure if snort-wireless has already been integrated into snort.2.30.

Sam

sam wun wrote:

Thanks for a quick reply.
Which Wireless server PCI cards can be used?

Thanks
Sam

William Fitzgerald wrote:

I have just set one up. Yes, it can detect RogueAP, Antistumbler traffic along with auth and deauth flood attacks.

Grab a copy of snort-2.1.1, then go to snort-wireless.org and grab both the snort-2.1.1 wireless patch and the snort-2.1.1 database patch.

Below is the list of software I needed:

MySQL: mysql-standard-4.1.9-pc-linux-gnu-i686
Automake: automake-1.6.1
Snort: snort-2.1.1
Snort-Wireless patches: Snort-2.1.1-wireless
Zlib: zlib-1.2.1 [7]
JPEG: jpeg-6b
Libpng: libpng-1.2.8
GD: gd-2.0.33
Apache: httpd-2.0.52
PHP: php-4.3.10
ADODB: adodb460
ACID: acid-0.9.6b23
PHPLOT: phplot-5.0rc2
JPGRAPH: jpgraph-1.17
BASE: base-1.0.1
Linux: Debian Linux

Regards,
Will.

Mr. William M. Fitzgerald (MSc, BSc),
Applied Researcher,
Telecommunications Software & Systems Group,
Waterford Institute of Technology,
Cork Rd.
Waterford.
Office Ph: +353 51 302937
Mobile Ph: +353 87 9527083
Web: www.williamfitzgerald.org/

Hi,

Does anyone have experience in setting up snort as a wireless IDS?
I'm wondering whether snort can be used to monitor for rogue AP access.
What can be used as a wireless monitoring console?
Is there any documentation I can read on?

Thanks
Sam

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
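
Added example, not part of the original thread and not Snort's own code: a check that a saved capture really carries raw 802.11 framing (link type 105, the DLT_IEEE802_11 value in the grep output above) rather than Ethernet-emulated frames, with a count of the management frames that only RFMON mode exposes. It assumes classic pcap files without radio headers; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

DLT_EN10MB = 1          # Ethernet framing: card left in Ethernet emulation mode
DLT_IEEE802_11 = 105    # raw 802.11 framing, the value quoted from Bpf.h above
MGMT_SUBTYPES = {8: "beacon", 11: "auth", 12: "deauth"}
OTHER_TYPES = {1: "control", 2: "data"}

def summarize_capture(pcap: bytes) -> dict:
    """Report a classic pcap file's link type and, for raw 802.11, count frame kinds."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    result = {"linktype": linktype,
              "raw_80211": linktype == DLT_IEEE802_11,
              "frames": Counter()}
    offset = 24                                  # end of the global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if not result["raw_80211"] or len(frame) < 2:
            continue  # Ethernet-emulated captures contain no 802.11 headers to parse
        # First frame-control byte: bits 2-3 are the type, bits 4-7 the subtype.
        ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
        if ftype == 0:
            result["frames"][MGMT_SUBTYPES.get(subtype, "mgmt-other")] += 1
        else:
            result["frames"][OTHER_TYPES.get(ftype, "reserved")] += 1
    return result

def build_pcap(linktype: int, frames: list) -> bytes:
    """Constructed sample input: a little-endian pcap holding the given frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed frames: only the frame-control byte is meaningful, the rest is padding.
beacon, deauth, data = b"\x80" + bytes(23), b"\xc0" + bytes(25), b"\x08" + bytes(30)
RFMON_PCAP = build_pcap(DLT_IEEE802_11, [beacon, deauth, deauth, data])
ETHER_PCAP = build_pcap(DLT_EN10MB, [bytes(60)])

if __name__ == "__main__":
    for name, cap in (("rfmon", RFMON_PCAP), ("ethernet", ETHER_PCAP)):
        print(name, summarize_capture(cap))
```

A capture that reports link type 1 came from a card in Ethernet emulation mode, so it cannot contain the beacon, auth or deauth frames that rogue AP and flood detection depend on.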
Current thread:
- Wireless IDS setup experience sam wun (Feb 18)
- RE: Wireless IDS setup experience William Fitzgerald (Feb 18)
- Re: Wireless IDS setup experience sam wun (Feb 18)
- RE: Wireless IDS setup experience William Fitzgerald (Feb 18)
- Re: Wireless IDS setup experience sam wun (Feb 18)
- RE: Wireless IDS setup experience William Fitzgerald (Feb 18)
- Re: Wireless IDS setup experience sam wun (Feb 18)
- RE: Wireless IDS setup experience William Fitzgerald (Feb 18)