Snort mailing list archives

ARP packets, exploits


From: chris <cfeldmann () nyc rr com>
Date: 28 Aug 2003 00:53:41 -0400

I am using snort behind shorewall at home because, frankly, I find IDS
interesting (write SQL for a living, which helps a bit), but I am an
admitted newbie. The preponderance of my logs (~95%) are ARP packets;
they really stack up. Since I am behind a fairly muscular firewall
configuration (there are a few ports open, e.g. ssh and http) would it
be a big deal to write a rule to just drop these (from the logs, not
drop the packets)? I can filter them (I guess, haven't tried yet) to an
ignored table in the DB, but are there exploits that would appear as
ARP-header packets? Is it obvious that I'm lazily posting when I could
find this online (I hate it when people do that)? Actually I have pulled
a bit of hair researching this before posting.

Thanks,
Chris


