search

eldondev / Snort

An IDS (Couldn't find Snort on github when I wanted to fork)
http://www.snort.org/
Other
115 stars 108 forks source link

Snort does not detect ARP spoofing attacks. #1

Open sakas23 opened 4 years ago

sakas23 commented 4 years ago

Hello community,

I have installed snort as an IDS and it works fine.

Then i changed the preprocessor arpspoof settings to try to detect arp spoof attacks.

But snort does not show any alerts.

My settings:

preprocessor arpspoof preprocessor arpspoof_detect_host: 192.168.1.9 xx:xx:xx:xx:xx:xx preprocessor arpspoof_detect_host: 192.168.1.6 xx:xx:xx:xx:xx:xx

What could be the problem is this case?

Thanks in advance.

Toghrul000 commented 1 year ago

Same for me as well, I have set snort in raspberry Pi and did test arp poison attacks. I checked arp cache and arp spoof attack worked but snort did not detect it

EDIT: https://www.youtube.com/watch?v=7My56ojZ-OI this guy helped me lol. Apparently we should also add preprocessor rules as well after uncommenting arpspoof preprocessor