Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Guardian

From: Matt Kettler <mkettler () evi-inc com>
Date: Sun, 18 Jul 2004 22:25:27 -0400
At 04:27 PM 7/18/2004, Muhammad Novansarosa wrote:

can i block MAC @ with guardian ?
i had modified it, but still cannot block it


By MAC address??? I'd be very surprised.

Snort isn't particularly mac-address oriented.
Depending what kernel level firewall you're having guardian configure you might be able to do it there directly, but I'd be surprised if either snort or guardian could trigger an event based only on the source MAC of a packet.
I'm pretty sure linux 2.4x's netfilter is capable of this if you've compiled your kernel with the "MAC Address match support" option.
It seems out-of-place to use an IDS to do something trivial like block a MAC or IP address. Firewall scripts do that kind of thing on their own pretty easily. 







-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: