dd-wrt + BatBox .Rules - Easy?

Discussion in 'DD-WRT Firmware' started by linkyblinky, Dec 14, 2005.

  1. linkyblinky

    linkyblinky Guest

    I would love to add some of the BatBox .Rules (they appear to be in snort format?) to my dd-wrt v.23 installation. Can BatBox be added to the dd-wrt installation, or is it too dissimilar from the original Linksys firmware? I'm not really sure how to accomplish my goal. I would really appreciate any advice!!!

    Thank you !!!!!

    Several sample BatBox .Rule strings:

    alert udp $EXTERNAL_NET 3345 -> $HOME_NET 3344 (msg:"BACKDOOR Matrix 2.0 Server access"; content:"logged in"; reference:arachnids,83; sid:162; classtype:misc-activity; rev:3;)

    alert tcp $HOME_NET 5714 -> $EXTERNAL_NET any (msg:"BACKDOOR WinCrash 1.0 Server Active" ; flags:SA,12; content:"|B4 B4|"; reference:arachnids,36; sid:163; classtype:misc-activity; rev:4;)

    alert udp $EXTERNAL_NET any -> $HOME_NET 123 (msg:"EXPLOIT ntpdx overflow attempt"; dsize: >128; reference:arachnids,492; reference:bugtraq,2540; classtype:attempted-admin; sid:312; rev:2;)

    alert udp $EXTERNAL_NET any -> $HOME_NET 518 (msg:"EXPLOIT ntalkd x86 Linux overflow"; content:"|0103 0000 0000 0001 0002 02e8|"; reference:bugtraq,210; classtype:attempted-admin; sid:313; rev:3;)
  2. 4Access

    4Access Network Guru Member

    I've never tried to get snort running on a WRT but there are packages available from the OpenWRT distro that should be compatible with DD-WRT. See Here.

    Unfortunately there don't appear to be any good guides for setting it up anywhere. Even a quick search of the OpenWRT forum didn't turn up much. Sorry I couldn't be more help. Let us know if you get it working!
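
Added example, not part of either post above: a small Python parser that checks the four rules quoted in the first post against the Snort rule layout (a header followed by semicolon-terminated options) and decodes their content patterns into bytes. The function names are this example's own, and the option splitting is a simplified version of Snort's escaping rules.

```python
import re

# Rule header: action proto src sport direction dst dport, then "(options)".
RULE_RE = re.compile(
    r'^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')

SAMPLE_RULES = [  # the four rules quoted in the first post, unchanged
    'alert udp $EXTERNAL_NET 3345 -> $HOME_NET 3344 (msg:"BACKDOOR Matrix 2.0 Server access"; content:"logged in"; reference:arachnids,83; sid:162; classtype:misc-activity; rev:3;)',
    'alert tcp $HOME_NET 5714 -> $EXTERNAL_NET any (msg:"BACKDOOR WinCrash 1.0 Server Active" ; flags:SA,12; content:"|B4 B4|"; reference:arachnids,36; sid:163; classtype:misc-activity; rev:4;)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET 123 (msg:"EXPLOIT ntpdx overflow attempt"; dsize: >128; reference:arachnids,492; reference:bugtraq,2540; classtype:attempted-admin; sid:312; rev:2;)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET 518 (msg:"EXPLOIT ntalkd x86 Linux overflow"; content:"|0103 0000 0000 0001 0002 02e8|"; reference:bugtraq,210; classtype:attempted-admin; sid:313; rev:3;)',
]

def split_options(body):
    """Split on ';' outside double quotes (a backslash-escaped ';' or '"' is kept)."""
    parts, buf, quoted, prev = [], '', False, ''
    for ch in body:
        if ch == '"' and prev != '\\':
            quoted = not quoted
        if ch == ';' and not quoted and prev != '\\':
            parts.append(buf.strip())
            buf = ''
        else:
            buf += ch
        prev = ch
    if quoted or buf.strip():
        raise ValueError("unterminated quote or option missing ';'")
    return [p for p in parts if p]

def parse_rule(line):
    m = RULE_RE.match(line)
    if not m:
        raise ValueError("not a Snort-style rule")
    rule = m.groupdict()
    pairs = (o.partition(':') for o in split_options(rule.pop('opts')))
    rule['options'] = [(k.strip(), v.strip().strip('"')) for k, _, v in pairs]
    return rule

def first(rule, key):
    return next((v for k, v in rule['options'] if k == key), None)

def decode_content(value):
    """Content bytes: literal text outside |...|, hex digits inside."""
    return b''.join(bytes.fromhex(c) if i % 2 else c.encode('latin-1')
                    for i, c in enumerate(value.split('|')))

if __name__ == '__main__':
    for r in map(parse_rule, SAMPLE_RULES):  # summary: sid, proto, dst port, msg
        print(first(r, 'sid'), r['proto'], r['dport'], first(r, 'msg'))
```

All four rules parse, which is consistent with the guess in the first post that the BatBox .Rules are written in Snort rule syntax.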

