From:   wireless@sgdn.pm.gouv.fr
Subject: Re: wireless patch
Date: March 30, 2004 5:21:45 AM MST
To:   andrew@snort-wireless.org

Hi Andrew;
I'm sending you a patch including our change for snort-2.1.1.
Personally, I have added a wifi-statetable process and 3 preprocessors using it:
  - a deauth flood detection preprocessor,
  - an authflood detection preprocessor,
  - a MAC spoofing detection preprocessor.
I have tested macspoof preprocessor with 3 wireless cards and one Access point. It works well.
But it really needs to be tested in a realist wireless network.
I also did a patch for snort-2.1.1 enclosing our change with some #ifdef WIRELESS (snort-2.1.1-wireless.patch).
Unfortunatly, I haven't added any rule-engine support for the new "suppress" and "threshold" rule plugins.
I will now work on a decoding WEP preprocessor. I hope it will be finished in the next 15 days.
Thanks for your motivating answer
Regards sebastien.