Can IPS/IDS detect data link layer attacks?

Blind spots at the other layers and the capabilities of security tools.

An attack on the data link layer is an attack method that IPS/IDS cannot detect with their rules/signatures. Attacks ranging from Address Resolution Protocol (ARP) cache poisoning of wired clients to de-authentication of wireless clients are easy to exploit because the attack can come from the trusted network.

You can find good open source solutions to detect this kind of attack, such as Scapy.
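As an added illustration (not code from the original post, and using only the Python standard library rather than Scapy), the sketch below shows the detection idea for ARP cache poisoning: track which MAC address each IP address announces and flag a binding that changes, or an ARP sender address that disagrees with the Ethernet source. The addresses and frames are constructed sample data; in live use the raw frames are assumed to come from a capture tool on the monitored segment.

```python
import socket
import struct

ETH_P_ARP = 0x0806

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac_str(frame[6:12]), mac_str(frame[22:28]), socket.inet_ntoa(frame[28:32])

def detect(frames):
    """Scan frames in order and return a list of (index, reason, ip, mac) alerts."""
    bindings, alerts = {}, []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sender_mac, sender_ip = parsed
        if sender_ip == "0.0.0.0":        # ARP probe, announces no binding
            continue
        if eth_src != sender_mac:         # ARP payload disagrees with frame header
            alerts.append((i, "src-mismatch", sender_ip, sender_mac))
        first_seen = bindings.setdefault(sender_ip, sender_mac)
        if first_seen != sender_mac:      # IP now claimed by a different MAC
            alerts.append((i, "binding-changed", sender_ip, sender_mac))
    return alerts

def build_arp(eth_src, sha, spa, tha, tpa, op=2):
    """Build one constructed Ethernet+ARP frame (bytes only) for the sample data."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    eth = mac(tha) + mac(eth_src) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa)

# Constructed sample: gateway and host announce themselves, then a third MAC
# claims the gateway's IP address.
GW, HOST, OTHER = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "02:00:00:00:00:01"
SAMPLE = [
    build_arp(GW, GW, "192.0.2.1", HOST, "192.0.2.10"),
    build_arp(HOST, HOST, "192.0.2.10", GW, "192.0.2.1"),
    build_arp(OTHER, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Legitimate events such as a DHCP reassignment or a failover pair moving a virtual IP also change a binding, so alerts from this check need to be correlated with known infrastructure changes before they are treated as poisoning.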


