12-02-2011 03:13 PM - edited 03-10-2019 05:33 AM
Hi,
I have aip-ssm 20, IPS Version 7.0(6)E4
The ID signature 7101, 7102, 7104 and 7105 is used for detecting attack arp poison.
The sensor works as IDS in promiscuous mode. All traffic is fordwared to sensor.
I have made attack man in the middle with cain & abel but sensor doesn't send alarm. I attach image with signatures.
Why don't sensor detect attack? The network is in zone inside.
Can anybody help me, please?
12-03-2011 07:34 PM
Did you check if SSM is getting those packets by running "packet display .." command on the sensing interface. In SSM the ARP packets would not be forwarded by ASA to the SSM.
thx
Madhu
12-04-2011 04:04 AM
Couldn't the sensor detect this kind of attack?
desn`t the signature work with aip-ssm?
Thx.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide