Snort mailing list archives
RE: preprocessor arpspoof
From: Juan Fernandez <Juan.Fernandez () deltathree com>
Date: Tue, 17 Aug 2004 10:11:32 +0300
How I use arpwatch with snort ? I didn't see even the word arpwatch in snort.conf... Sorry im new to snort. thanks -----Original Message----- From: Matt Kettler [mailto:mkettler () evi-inc com] Sent: Monday, August 16, 2004 11:04 PM To: Juan Fernandez; 'snort-users () lists sourceforge net' Subject: Re: [Snort-users] preprocessor arpspoof At 11:14 AM 8/16/2004, Juan Fernandez wrote:
Do I need to insert each mac address of a server that I want to monitor for arp poisoning? If for example I have 50 servers on the DMZ that I want them to be monitored for arp attacks, do I need to enter all there ips+mac addresses here?
Yes.. although I'd suggest using arpwatch instead.. it's a much better tool for this kind of thing, and requires no configuration. It will keep track of ARPs, report new stations, report changes of MAC, bogus IP addresses, IPs that keep "flip-flopping" between two MACs, etc. It's a very handy tool. The arpspoof preprocessor is handy if you only have one or two hosts to monitor, but if you've got lots of hosts, it's cumbersome. ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- preprocessor arpspoof Juan Fernandez (Aug 16)
- Message not available
- Re: preprocessor arpspoof Matt Kettler (Aug 16)
- Message not available
- <Possible follow-ups>
- RE: preprocessor arpspoof Juan Fernandez (Aug 17)
- Message not available
- RE: preprocessor arpspoof Matt Kettler (Aug 18)
- Message not available