- Bronze, 100 points or more
Im seeing a Huge amount of events related with the signature ARP Reply-to-Broadcast 7102.
The sensor saw an ARP Reply packet with its payload Destination MAC containing a broadcast address. This is not normal traffic and can indicate an ARP poisioning attack. Note: This signature is only available in Cisco IDS versions 4.0 and greater.
|No known triggers.|
It says that there are not Benign triggers. Im Dropping the packets related with this signature.... Should I Drop the packets to avoid ARP Poisioning??
I do not want to drops benign packets but it seems that this signature will not fire with benign packets. Any advise will be really appreciated.