Snort-Wireless adds several new features for 802.11 IDS functionality to the standard Snort distribution. These features allow one to specify custom rules for detecting specific 802.11 frames, rogue access points, AdHoc networks, and Netstumbler like behavior in the vicinity of the Snort-Wireless sensor.
In order to accomplish this, Snort's rule engine has been augmented with support for a new "wifi" protocol. The remainder of the features are implemented as preprocessors that can be configured and tuned as desired according to the site of deployment.
The following is intended to be a guide for writing rules using the new "wifi" protocol and its accompanying plugins, as well as the preprocessors used for rogue network and netstumbler detection.
| Contents | Next Chapter |