Hi!
I'm somewhat concerned about ARP spoofing on switched networks, especially
because of ettercap:
- http://www.securitypronews.com/securitypronews-24-20030623EtterCapARPSpoofingandBeyond.html
- http://www.secuobs.com/news/04102006-ettercap.shtml (It's in French, I
didn't find something equivalent...)
Ettercap is capable of man-in-the-middle attacks (SSL, SSHv1) and
capable of sniffing switched networks.
So to my question: "Is OSSEC capable of looking in logs given by tools
like arpwatch and detecting suspicious changes?"
Thanks.
Sioban.