|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Rick Zhong (isc00801_at_nus.edu.sg)
Date: Mon Oct 07 2002 - 05:51:57 CDT
hi,
Does snort able to detect ip/ARP hijacking implemented by using Hunt v1.5 ?
I have this setup:
Host A: Linux 7.3
IP 192.18.10.1 (with telnet server and snort installed)
Host B: Linux 7.3
IP 192.18.10.4 (client to the host A)
Intruder
IP 192.18.10.8 (with snot installed)
It seems the intruder is able to catch all the telnet connection between
host A and host B, however the snort on host A is not able to detect the
intrusion. I am using the default snort rules in the snort package. So is
there any available rules or signature which can be used to detect this type
of intrusion.
regards,
Rick
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]