Snort mailing list archives

2 questions: Timeformat + ARP Despoofing.

From: Glenn Larsson <ichinin () swipnet se>
Date: Tue, 21 May 2002 08:16:10 +0200

Hello.

2 Questions:
------------

1) Will future version of snort start using the
   locally set dateformat/timezone (using Win32)?

  I prefer to have events logged in

        YYYY/MM/DD-HH:MM:SS

  (Swedish) since that makes events automatically list in
  chronological order.

2) What do i look for when doing Arp despoofing?

        I know the usual;
        - Look for Mac adresses appearing > 1
        - Look for Massive arp traffic.
        - Compensate for DHCP traffic.
        (Et cetera)

I've read some docs on (arp-)Despoofing, but i've not
become any wizer.

Thanks.
Glenn

______________________________________________

Snort Log Despoofer, Version 0.0.2.b (Bin+Src)
http://www.geocities.com/ichinin/SLD.htm

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

2 questions: Timeformat + ARP Despoofing. Glenn Larsson (May 21)