Snort mailing list archives
Re: Arp Poisoning
From: "Al Lewis \(allewi\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Sun, 3 May 2020 21:56:04 +0000
You should be able to use the ARP preprocessor to detect the MAC address changes/spoofing. The preprocessor settings are listed in the users guide. Albert Lewis ENGINEER.SOFTWARE ENGINEERING Cisco Systems Inc. Email: allewi () cisco com<mailto:allewi () cisco com> From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Vinukshan Pathmanathan via Snort-sigs <snort-sigs () lists snort org> Reply-To: Vinukshan Pathmanathan <vinukshan98 () gmail com> Date: Saturday, May 2, 2020 at 10:11 PM To: "snort-sigs () lists snort org" <snort-sigs () lists snort org> Subject: [Snort-sigs] Arp Poisoning Hey everyone, I'm nee to using snort and tried to detect an ongoing ettercap arp poisoning attack using snort. Could anyone guide me on the rule used for it. TIA
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Arp Poisoning Vinukshan Pathmanathan via Snort-sigs (May 02)
- Re: Arp Poisoning Al Lewis (allewi) via Snort-sigs (May 03)