The detection and prevention for ARP Spoofing based on Snort
暂无分享,去创建一个
As one of powerful and light weight Network Intrusion Detection System, Snort has good expansibility and transplantability, and can be used in various environments. However, Snort has clear deficiency on ARP spoofing detection, and its own ARP spoofing defense is powerless. To realize the detection and prevention of the ARP spoofing, the paper expanded the snort preprocessor plug-ins by adding an ARP detection module. Results shows this way can make Snort sniffer itself has immunity, and make locate the attacker more timely and accurately.
[1] Sophie Engle,et al. AN INTRODUCTION TO ARP SPOOFING , 2001 .
[2] Douglas Comer,et al. Internetworking with TCP/IP , 1988 .
[3] Jin-Wook Chung,et al. Network Security Management Using ARP Spoofing , 2004, ICCSA.
[4] Chin-Tser Huang,et al. A secure address resolution protocol , 2003, Comput. Networks.