[Snort-users] 2 questions: Timeformat + ARP Despoofing.

Glenn Larsson ichinin at ...5794...
Tue May 21 12:47:02 EDT 2002


2 Questions:

1) Will future versions of Snort start using the
   locally set date format/timezone (using Win32)?

  I prefer to have events logged in


  (Swedish) since that makes events automatically list in
  chronological order.

2) What do I look for when doing ARP despoofing?

	I know the usual;
	- Look for MAC addresses appearing > 1
	- Look for massive ARP traffic.
	- Compensate for DHCP traffic.
	(Et cetera)

I've read some docs on (ARP-)despoofing, but I've not
become any wiser.



Snort Log Despoofer, Version 0.0.2.b (Bin+Src)
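
The three checks listed in the question, as an added defensive example that is not part of the original post and is not Snort or Snort Log Despoofer code. Assumptions: "MAC addresses appearing > 1" is read as one IP answered by a second MAC or one MAC answering for several IPs; the `(timestamp, ip, mac)` tuple format, the thresholds, trust-on-first-use for the initial IP owner, and all sample values (documentation address ranges) are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data: gateway, attacker, a DHCP client and the lease's old holder.
GW, ATT, H1, OLD = ("00:00:5e:00:53:01", "00:00:5e:00:53:66",
                    "00:00:5e:00:53:10", "00:00:5e:00:53:0f")
SAMPLE_LEASES = [(5.0, "192.0.2.50", H1)]            # DHCP ACK: .50 moves to H1
SAMPLE_ARP = ([(1.0, "192.0.2.1", GW), (2.0, "192.0.2.50", OLD), (6.0, "192.0.2.50", H1)]
              + [(7.0 + i * 0.5, "192.0.2.1", ATT) for i in range(6)]
              + [(10.5, "192.0.2.20", ATT)])

def find_arp_anomalies(arp_replies, dhcp_leases, max_rate=5, window=10.0):
    """Scan time-ordered (ts, sender_ip, sender_mac) ARP replies; return findings."""
    leases = defaultdict(list)                        # ip -> [(ts, mac), ...]
    for ts, ip, mac in dhcp_leases:
        leases[ip].append((ts, mac))

    def leased_to(ip, mac, now):
        # DHCP compensation: the newest lease at or before `now` decides.
        past = [(t, m) for t, m in leases[ip] if t <= now]
        return bool(past) and max(past)[1] == mac

    owner = {}                                        # ip -> first-seen or lease-backed MAC
    unleased = defaultdict(set)                       # mac -> IPs claimed without a lease
    recent = defaultdict(deque)                       # mac -> reply timestamps in window
    findings = set()

    for ts, ip, mac in arp_replies:
        backed = leased_to(ip, mac, ts)
        # Massive ARP traffic: too many replies from one MAC inside the window.
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_rate:
            findings.add(("arp_flood", mac, None))
        # An IP answered by a different MAC than before, with no lease explaining it.
        if backed or ip not in owner:
            owner[ip] = mac
        elif owner[ip] != mac:
            findings.add(("ip_changed_mac", mac, ip))
        # One MAC answering for several IPs it holds no lease on.
        if not backed:
            unleased[mac].add(ip)
            if len(unleased[mac]) > 1:
                findings.add(("mac_multiple_ips", mac, None))

    return sorted(findings, key=repr)
```

Routers doing proxy ARP and hosts with several static addresses will trip the multiple-IP check and need an allowlist.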
