Snort mailing list archives
ARP packets, exploits
From: chris <cfeldmann () nyc rr com>
Date: 28 Aug 2003 00:53:41 -0400
I am using snort behind shorewall at home because, frankly, I find IDS interesting (write SQL for a living, which helps a bit), but I am an admitted newbie. The preponderance of my logs (~95%) are ARP packets; they really stack up. Since I am behind a fairly muscular firewall configuration (there are a few ports open, e.g. ssh and http), would it be a big deal to write a rule to just drop these (from the logs, not drop the packets)? I can filter them (I guess, haven't tried yet) to an ignored table in the DB, but are there exploits that would appear as ARP-header packets? Is it obvious that I'm lazily posting when I could find this online (I hate it when people do that)? Actually I have pulled a bit of hair researching this before posting.

Thanks,
Chris