Merge in SNORT/snort3 from ~MDAGON/snort3:arp_builtins to master
Squashed commit of the following:
commit
d30a49cf87f55af799a2bf8a0bf6003cf0df38e0
Author: Maya Dagon <mdagon@cisco.com>
Date: Mon Nov 8 14:19:07 2021 -0500
doc: arp_spoof builtins
112:1
-(arp_spoof) unicast ARP request
+ARP request is unicast, not broadcast.
112:2
-(arp_spoof) ethernet/ARP mismatch request for source
+Mismatch between ethernet source hardware address and ARP source hardware address.
112:3
-(arp_spoof) ethernet/ARP mismatch request for destination
+Mismatch between ethernet destination hardware address and ARP destination hardware address in an ARP reply.
112:4
-(arp_spoof) attempted ARP cache overwrite attack
+Attempted ARP cache overwrite attack. The ethernet source hardware address or ARP source hardware address
+doesn't match the one provided for this IP address in the configured host table.
116:1
#define ARPSPOOF_UNICAST_ARP_REQUEST_STR \
"unicast ARP request"
#define ARPSPOOF_ETHERFRAME_ARP_MISMATCH_SRC_STR \
- "ethernet/ARP mismatch request for source"
+ "ethernet/ARP mismatch for source hardware address"
#define ARPSPOOF_ETHERFRAME_ARP_MISMATCH_DST_STR \
- "ethernet/ARP mismatch request for destination"
+ "ethernet/ARP mismatch for destination hardware address in reply"
#define ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK_STR \
"attempted ARP cache overwrite attack"