Snort arp spoof processor pfsense 2.01

  • **Hello,
    I need to find and enable arp spoof processor in pfsense 2.01 to detect and block host that generate arp poison and arp spoof packets attacks so list the methode to enable this option and i need to know the basic rules of snort that sould be enabled cause I'm very lost with his rules

    and there is a tool in smoothwall called "TOF" " timed outgoing firewall" that cut internet service on host that use arp spoof program such as netcut**

  • is there are any one to respond my prob

  • Smoothwall's site is down at the moment so I have no idea what "TOF" actually does, but I'm betting it's not actually useful in any way shape or form against such attacks. Sure it may cut off the Internet from that source MAC, but anyone who's screwing with ARP on your network is more than smart enough to just change their MAC when that happens. You need controls before you get to the firewall to control such things - on your switches and APs, to actually lock them out of the network. Blocking their Internet accomplishes nothing.

  • thanks for your reply but i tell you that they arn't smart to do that just they use netcut not other else so told me how to enable snort spoof preprocessor in pfsense 2.01

  • I need to block users who just start arp poison attacks in my lan by using snort

  • so any help plz

Log in to reply