dd-wrt + BatBox .Rules - Easy?

Discussion in 'DD-WRT Firmware' started by linkyblinky, Dec 14, 2005.

  1. linkyblinky

    linkyblinky Guest

    I would love to add some of the BatBox .Rules (they appear to be in snort format?) to my dd-wrt v.23 installation. Can BatBox be added to the dd-wrt installation, or is it too dissimilar from the original Linksys firmware? I'm not really sure how accomplish my goal. I would really appreciate any advice!!!

    Thank you !!!!!

    Several sample BatBox .Rule strings:

    alert udp $EXTERNAL_NET 3345 -> $HOME_NET 3344 (msg:"BACKDOOR Matrix 2.0 Server access"; content:"logged in"; reference:arachnids,83; sid:162; classtype:misc-activity; rev:3;)

    alert tcp $HOME_NET 5714 -> $EXTERNAL_NET any (msg:"BACKDOOR WinCrash 1.0 Server Active" ; flags:SA,12; content:"|B4 B4|"; reference:arachnids,36; sid:163; classtype:misc-activity; rev:4;)

    alert udp $EXTERNAL_NET any -> $HOME_NET 123 (msg:"EXPLOIT ntpdx overflow attempt"; dsize: >128; reference:arachnids,492; reference:bugtraq,2540; classtype:attempted-admin; sid:312; rev:2;)

    alert udp $EXTERNAL_NET any -> $HOME_NET 518 (msg:"EXPLOIT ntalkd x86 Linux overflow"; content:"|0103 0000 0000 0001 0002 02e8|"; reference:bugtraq,210; classtype:attempted-admin; sid:313; rev:3;)
    :D :D
  2. 4Access

    4Access Network Guru Member

    I've never tried to get snort running on a WRT but there are packages available from the OpenWRT distro that should be compatible with DD-WRT. See Here.

    Unfortunately there don't appear to be any good guides for setting it up anywhere. Even a quick search of the OpenWRT forum didn't turn up much. Sorry I couldn't be more help. Let us know if you get it working!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice