Home page logo
/

snort logo Snort mailing list archives

Improving Arpspoof Preprocessor
From: "Mohamed Makthum" <makthum () gmail com>
Date: Mon, 13 May 2013 11:19:39 -0700

Hello Everybody,

                                 At the moment arpspoof preprocessor is in
experimental condition. I want to include some extra features in it and
extend the preprocessor. I am looking for documents or books which can help
me to write or extend snort preprocessor. Currently arpspoof detects
discrepancies based on static list and mac address mismatch. I want to
improve it using ICMP protocol. 

                                    Till now I was able to setup snort with
barnyard2  and snort is triggering alerts and logging events to db. In next
step I would like to get started with the coding. Kindly direct me to links
or books which can help me in extending the preprocessor.  I would be
thankful to everyone .

 

 

Regards,

Mohamed Makthum Mohamed Ikbal 

Graduate student 

UBC

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
  • Improving Arpspoof Preprocessor Mohamed Makthum (May 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault