refactor: Update snort.conf and arpspoof configuration

The `snort.conf` file is modified to enable portscan detection and ARP spoof detection. Additionally, the `arpspoof_detect_host` configuration is updated to specify the IP address and MAC address for ARP spoof detection. These changes enhance the functionality of the Snort intrusion detection system. Refactor `snort.conf` and arpspoof configuration
ADORSYS-GIS · Sep 10, 2024 · c087806 · c087806
1 parent 348cae2
commit c087806
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/scripts/windows/snort.conf b/scripts/windows/snort.conf
@@ -416,11 +416,11 @@ preprocessor smtp: ports { 25 465 587 691 } \
     xlink2state { enabled }
 
 # Portscan detection.  For more information, see README.sfportscan
-# preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }
+preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }
 
 # ARP spoof detection.  For more information, see the Snort Manual - Configuring Snort - Preprocessors - ARP Spoof Preprocessor
-# preprocessor arpspoof
-# preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
+preprocessor arpspoof
+preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
 
 # SSH anomaly detection.  For more information, see README.ssh
 preprocessor ssh: server_ports { 22 } \