The attacks that exploit the Address Resolution Protocol (ARP) are considered as the most dangerous for the security of networks. Indeed, this attack poisons the cache ARP of the machine and makes possible all the actions of Man In the Middle (reading, modification, denial-of-service). For this, it becomes very important to prevent against this type of attack, by setting up systems able to detect it, known as Intrusion Detection Systems, and to react consequently. Among the existing IDS, we find SNORT which is the most used; but its reactions are generally in a passive way (Log, sending message …). In this paper, we propose an approach by introducing a Plug-In making SNORT react against ARPSpoofing's attack in real-time.
展开▼