[Snort-users] 2 questions: Timeformat + ARP Despoofing.
ichinin at ...5794...
Tue May 21 12:47:02 EDT 2002
1) Will future versions of Snort start using the
locally set date format/timezone (using Win32)?
I prefer to have events logged in
(Swedish) since that makes events automatically list in
2) What do I look for when doing ARP despoofing?
I know the usual:
- Look for MAC addresses appearing > 1
- Look for massive ARP traffic.
- Compensate for DHCP traffic.
I've read some docs on (ARP) despoofing, but I've not
become any wiser.
Snort Log Despoofer, Version 0.0.2.b (Bin+Src)
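
The three heuristics listed in the question, run over a small set of ARP and DHCP observations; this is an added example, not part of the original post and not Snort code. The event format, the sample data, the thresholds, the reading of "appearing > 1" as one MAC answering for several IPs, and the extra IP-rebind rule (which is what the DHCP compensation applies to) are all assumptions.

```python
from collections import defaultdict

# Constructed sample input (not from the post): (seconds, kind, ip, mac).
# "arp" = ARP reply seen on the wire, "dhcp" = DHCP ACK leasing ip to mac.
EVENTS = [
    (0,  "arp",  "10.0.0.1",  "00:11:22:33:44:01"),  # gateway
    (1,  "arp",  "10.0.0.20", "00:11:22:33:44:20"),
    (5,  "dhcp", "10.0.0.20", "00:11:22:33:44:21"),  # lease handed to a new host
    (6,  "arp",  "10.0.0.20", "00:11:22:33:44:21"),  # rebind explained by DHCP
    (10, "arp",  "10.0.0.1",  "00:de:ad:be:ef:99"),  # gateway IP, different MAC
    (10, "arp",  "10.0.0.1",  "00:de:ad:be:ef:99"),
    (11, "arp",  "10.0.0.1",  "00:de:ad:be:ef:99"),
    (11, "arp",  "10.0.0.30", "00:de:ad:be:ef:99"),  # same MAC, second IP
    (12, "arp",  "10.0.0.1",  "00:de:ad:be:ef:99"),
]

def analyze(events, window=5, max_replies=3):
    """Return (time, rule, detail) alerts; thresholds are assumed values."""
    ip_to_mac = {}                 # last MAC seen answering for each IP
    leases = {}                    # ip -> mac taken from DHCP ACKs
    mac_to_ips = defaultdict(set)  # IPs each MAC has answered for
    recent = defaultdict(list)     # mac -> timestamps of recent replies
    alerts = []
    for ts, kind, ip, mac in sorted(events, key=lambda e: e[0]):
        if kind == "dhcp":
            leases[ip] = mac
            mac_to_ips[mac] = {ip}  # the lease is this MAC's legitimate IP
            continue
        # An IP moves to another MAC and no DHCP lease explains the change.
        known = ip_to_mac.get(ip)
        if known and known != mac and leases.get(ip) != mac:
            alerts.append((ts, "ip-rebind", f"{ip}: {known} -> {mac}"))
        ip_to_mac[ip] = mac
        # One MAC address appears for more than one IP.
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append((ts, "mac-multi-ip", f"{mac}: {sorted(mac_to_ips[mac])}"))
        # Massive ARP traffic: too many replies from one MAC inside the window.
        recent[mac] = [t for t in recent[mac] if ts - t < window] + [ts]
        if len(recent[mac]) == max_replies + 1:
            alerts.append((ts, "arp-burst", f"{mac}: {len(recent[mac])} replies in {window}s"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(*alert)
```

Removing the DHCP ACK from the sample makes the 10.0.0.20 rebind at second 6 fire as well, which is the false positive the DHCP compensation is there to suppress.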