Snort does not detect ARP spoofing attacks.

Open sakas23 opened this issue 5 years ago • 1 comments

Hello community,

I have installed snort as an IDS and it works fine.

Then I changed the preprocessor arpspoof settings to try to detect ARP spoof attacks.

But snort does not show any alerts.

My settings:

preprocessor arpspoof
preprocessor arpspoof_detect_host: 192.168.1.9 xx:xx:xx:xx:xx:xx
preprocessor arpspoof_detect_host: 192.168.1.6 xx:xx:xx:xx:xx:xx

What could be the problem in this case?

Thanks in advance.

sakas23, Feb 22 '20 16:02

Same for me as well. I have set up Snort on a Raspberry Pi and tested ARP poisoning attacks. I checked the ARP cache and the ARP spoof attack worked, but Snort did not detect it.

EDIT: https://www.youtube.com/watch?v=7My56ojZ-OI this guy helped me lol. Apparently we should also add the preprocessor rules after uncommenting the arpspoof preprocessor.

Toghrul000, May 19 '23 23:05
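The fix mentioned in the last comment, written out as a Snort 2.9.x `snort.conf` fragment. This is an added example, not configuration posted by either participant. The `/etc/snort` paths are assumptions, and the `xx:xx:xx:xx:xx:xx` values are the redacted placeholders from the issue, which must be replaced with the real MAC addresses.

```conf
# snort.conf (Snort 2.9.x) -- constructed fragment, paths are assumptions.

# Before: the preprocessor is enabled, but no preprocessor rules are loaded.
# Snort 2.9.x only turns preprocessor events into alerts when a matching
# rule is loaded, so this stays silent even while spoofed ARP replies
# are on the wire.
#
#   preprocessor arpspoof
#   preprocessor arpspoof_detect_host: 192.168.1.9 xx:xx:xx:xx:xx:xx
#   preprocessor arpspoof_detect_host: 192.168.1.6 xx:xx:xx:xx:xx:xx

# After: the same preprocessor lines plus the preprocessor rules file.
var PREPROC_RULE_PATH /etc/snort/preproc_rules   # assumed install path

# Add "-unicast" to also flag unicast ARP requests:
#   preprocessor arpspoof: -unicast
preprocessor arpspoof

# One line per IP/MAC pair that must never change (gateway, servers).
# An ARP packet claiming one of these IPs with a different MAC raises
# the cache-overwrite event.
preprocessor arpspoof_detect_host: 192.168.1.9 xx:xx:xx:xx:xx:xx
preprocessor arpspoof_detect_host: 192.168.1.6 xx:xx:xx:xx:xx:xx

# Load the rules that map preprocessor events to alerts. The arpspoof
# events use generator ID (gid) 112:
#   sid 1  unicast ARP request
#   sid 2  Ethernet/ARP source address mismatch
#   sid 3  Ethernet/ARP destination address mismatch
#   sid 4  ARP cache overwrite attack
include $PREPROC_RULE_PATH/preprocessor.rules

# Alternative to the include above: restore the older behaviour where
# every preprocessor and decoder event alerts without an explicit rule.
# config autogenerate_preprocessor_decoder_rules

# Validate before restarting the sensor:
#   snort -T -c /etc/snort/snort.conf
# Then confirm the rules were loaded:
#   grep 'gid: *112' /etc/snort/preproc_rules/preprocessor.rules
```

The sensor must sit on the same layer-2 segment as the watched hosts (or on a mirror port for it), because ARP traffic is not forwarded across routers.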