I have aip-ssm 20, IPS Version 7.0(6)E4
The ID signature 7101, 7102, 7104 and 7105 is used for detecting attack arp poison.
The sensor works as IDS in promiscuous mode. All traffic is fordwared to sensor.
I have made attack man in the middle with cain & abel but sensor doesn't send alarm. I attach image with signatures.
Why don't sensor detect attack? The network is in zone inside.
Can anybody help me, please?
Did you check if SSM is getting those packets by running "packet display .." command on the sensing interface. In SSM the ARP packets would not be forwarded by ASA to the SSM.