Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort arp spoof processor pfsense 2.01

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 2 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mohandshamada
      last edited by

      **Hello,
      I need to find and enable arp spoof processor in pfsense 2.01 to detect and block host that generate arp poison and arp spoof packets attacks so list the methode to enable this option and i need to know the basic rules of snort that sould be enabled cause I'm very lost with his rules

      and there is a tool in smoothwall called "TOF" " timed outgoing firewall" that cut internet service on host that use arp spoof program such as netcut**

      1 Reply Last reply Reply Quote 0
      • M
        mohandshamada
        last edited by

        is there are any one to respond my prob

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          Smoothwall's site is down at the moment so I have no idea what "TOF" actually does, but I'm betting it's not actually useful in any way shape or form against such attacks. Sure it may cut off the Internet from that source MAC, but anyone who's screwing with ARP on your network is more than smart enough to just change their MAC when that happens. You need controls before you get to the firewall to control such things - on your switches and APs, to actually lock them out of the network. Blocking their Internet accomplishes nothing.

          1 Reply Last reply Reply Quote 0
          • M
            mohandshamada
            last edited by

            thanks for your reply but i tell you that they arn't smart to do that just they use netcut not other else so told me how to enable snort spoof preprocessor in pfsense 2.01

            1 Reply Last reply Reply Quote 0
            • M
              mohandshamada
              last edited by

              I need to block users who just start arp poison attacks in my lan by using snort

              1 Reply Last reply Reply Quote 0
              • M
                mohandshamada
                last edited by

                so any help plz

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.