Snort mailing list archives
Re: arp spoof
From: John Sage <jsage () finchhaven com>
Date: Fri, 28 Jun 2002 05:59:55 -0700
On Fri, Jun 28, 2002 at 05:48:03AM +0300, john wrote:
hi everybody i am new in using snort , when i read the arpspoof preprocessor i cant understand its role from those brief words in the snort.conf file is here another way to learn more about it and the other preprocessors other than snort manual any help is appreciated.........
<snip> #---------------------------------------- # Experimental ARP detection code from Jeff Nathan, detects ARP attacks, # unicast ARP requests, and specific ARP mapping monitoring. To make use # of this preprocessor you must specify the IP and hardware address of hosts on # the same layer 2 segment as you. Specify one host IP MAC combo per line. # Also takes a "-unicast" option to turn on unicast ARP request detection. # preprocessor arpspoof # preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00 # keep off as from 1.8.2 <snip> umm.. ARP requests translate a hardware (NIC) address into an IP address. If you don't understand this, you probably don't need to worry, as there may be other fish to fry before you concern yourself with this sort of thing. Note that it does say "experimental", too.. If you *do* want to understand this, and a whole lot of other important stuff, you can't go wrong with" TCP/IP Illustrated, vol.1, W.R. Stevens, Addison-Wesley, 1994 - John -- "You are in a little maze of twisty passages, all different." PGP key http://www.finchhaven.com/pages/gpg_pubkey.html Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Caffeinated soap. No kidding. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- arp spoof john (Jun 27)
- Re: arp spoof John Sage (Jun 28)
- Re: arp spoof Jeff Nathan (Jun 28)