snort arp scan detection

3.3k Views Asked by At

Hi I am new to Snort and i simulated arp scan attack. I am trying to detect this attack in Snort. No preprocessors detected this attack so i wanted to write a rule for it. But i find out that snort rule does not support arp protocol.

This scan is sending arp request on all possible addresses from subnet 192.168.92.0/24 and waits for an answer which means that host is up. Is it possible to detect these attack using snort rules?

Here is the example of scan from wireshark.

Arp Scan in wireshark

0

There are 0 best solutions below