Snort mailing list archives
Re: arpspoof preprocessor
From: Morgan Marquis-Boire <morganm () datacom co nz>
Date: Tue, 20 Aug 2002 13:52:42 +1200
Thanks.I have been using arpwatch I was hoping that I could get snort to do the same thing.
Ah well... Morgan Matt Kettler wrote:
Quite frankly, I'd recommend using arpwatch if you want a good "automatic IP address change" detector. Very verbose output, automatically monitors all arps and logs new/changed IPs. Snort's arpspoof plugin is fairly new, and not quite that feature-rich yet. Functional, but not feature-rich.At 10:37 AM 8/20/2002 +1200, Morgan Marquis-Boire wrote:Hey,Does anyone know how to get more verbose logging from the arpspoof detection? My conf file is as follows:preprocessor arpspoof preprocessor arpspoof_detect_host: <localhost> <MAC address> preprocessor arpspoof_detect_host: <gateway> <MAC address> and the alerts I get read as follows.08/20-10:02:01.671517 [**] [112:3:1] Ethernet destination/ARP target address mismatch [**]I would like to be able to get the ip address of the host whose MAC has changed in the alert.Cheers, Morgan ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- arpspoof preprocessor Morgan Marquis-Boire (Aug 19)
- Re: arpspoof preprocessor Matt Kettler (Aug 19)
- Re: arpspoof preprocessor Morgan Marquis-Boire (Aug 19)
- Re: arpspoof preprocessor Andreas Östling (Aug 19)
- Re: arpspoof preprocessor Matt Kettler (Aug 19)