
I am on a WiFi network with a SonicWall router (I'm guessing this comes with an IDS).

If someone on my network launches an MiTM attack on me, will the network admin be able to detect this?

Does an IDS/IPS/Network Firewall prevent such an attack?

Or do I have to be vigilant and protect myself against such an attack?

Bob Bob

1 Answer


It depends on the location of the IDS relative to the network and on the capabilities of the IDS.

ARP or DHCP spoofing attacks are done inside the local network. From outside this network they look no different than normal connections. Thus in order to detect such attacks the IDS has to be inside the same network where the attack occurs. ARP and DHCP spoofing attacks can also sometimes already be prevented by better routers without needing an IDS.

DNS spoofing can be done inside the network or from outside. If the attack happens inside, then an IDS outside of the network will not be able to detect this attack, although it might in theory detect some results of the attack. One such result might be the attempt to access a specific web server on the wrong IP address, which could be detected by comparing the Host header in the request against the target IP address.

If DNS spoofing is done from outside the network protected by the IDS, then the IDS might be able to detect such attacks, depending on how sophisticated they are.

Apart from the theoretical limits on which kinds of attacks can be detected because of the location of the IDS in the network, there are practical limits on detection capabilities which depend on the type of IDS, the specific configuration etc. Thus even if attacks could in theory be detected, a specific IDS with a specific configuration might not be able to do it.

Steffen Ullrich
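To make the answer's point about IDS location concrete, here is an added example (not part of the answer above, and not SonicWall's or any product's code) of the kind of check an in-network sensor, or a host-based tool, has to run to notice ARP spoofing: it only works on the raw Ethernet/ARP frames that never leave the LAN segment, which is exactly why an IDS sitting outside the network cannot see the attack. The MAC and IP addresses, the `ArpWatcher` class and the sample frames are all constructed for this illustration; the frames are built and parsed in-process so the script runs offline.

```python
"""Minimal ARP-spoofing detector run over constructed Ethernet/ARP frames."""
import socket
import struct

# Wire layouts (network byte order, no padding).
ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac_bytes(m):
    return bytes.fromhex(m.replace(":", ""))


def _mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp_frame(eth_src, sender_mac, sender_ip, target_mac, target_ip, op=ARP_REPLY):
    """Build a frame for sample input. eth_src is the Ethernet source, which an
    honest host sets equal to the ARP sender MAC; an attacker may not."""
    eth = ETH_HDR.pack(_mac_bytes(target_mac), _mac_bytes(eth_src), ETHERTYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, op,
                       _mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       _mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp_frame(frame):
    """Return the fields a detector cares about, or None for non-ARP/garbage input."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _dst, src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    return {"eth_src": _mac_str(src), "op": op, "sender_mac": _mac_str(sha),
            "sender_ip": socket.inet_ntoa(spa), "target_ip": socket.inet_ntoa(tpa)}


class ArpWatcher:
    """Hypothetical in-network sensor: learns IP->MAC bindings from ARP traffic
    (or takes static ones, e.g. for the gateway) and alerts on contradictions."""

    def __init__(self, static_bindings=None):
        self.bindings = dict(static_bindings or {})  # ip -> mac
        self.alerts = []

    def feed(self, frame):
        pkt = parse_arp_frame(frame)
        if pkt is None:
            return None
        alert = None
        # Check 1: the Ethernet source should be the host that claims to send the ARP.
        if pkt["eth_src"] != pkt["sender_mac"]:
            alert = ("eth-src-mismatch", pkt["sender_ip"], pkt["eth_src"], pkt["sender_mac"])
        else:
            # Check 2: an IP that suddenly maps to a different MAC is the classic spoof.
            known = self.bindings.get(pkt["sender_ip"])
            if known is None:
                self.bindings[pkt["sender_ip"]] = pkt["sender_mac"]
            elif known != pkt["sender_mac"]:
                alert = ("ip-mac-change", pkt["sender_ip"], known, pkt["sender_mac"])
        if alert:
            self.alerts.append(alert)
        return alert


# Constructed addresses for the demo (not real hosts).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.50", "aa:bb:cc:00:00:50"
ATTACKER_MAC = "de:ad:be:ef:00:66"


def run_demo():
    """Feed two honest replies, then two attacker frames; return per-frame results and all alerts."""
    watcher = ArpWatcher()
    frames = [
        build_arp_frame(GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # honest gateway
        build_arp_frame(VICTIM_MAC, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),     # honest victim
        build_arp_frame(ATTACKER_MAC, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),  # attacker claims gateway IP
        build_arp_frame(ATTACKER_MAC, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # attacker copies gateway MAC into ARP only
    ]
    return [watcher.feed(f) for f in frames], watcher.alerts


if __name__ == "__main__":
    for a in run_demo()[1]:
        print("ALERT", a)
```

The two checks are the same ones tools like arpwatch rely on, and both need a capture point on the segment where the frames are exchanged; a sensor behind the router never receives them. Note the limit of check 2: the attacker has to be seen claiming the IP with a MAC the sensor does not already trust, so seeding `static_bindings` with the gateway's real MAC closes the window in which a spoof arriving first would simply be learned as the truth. If the attacker forges the Ethernet source as well, the frame is byte-identical to the gateway's own reply and this parser cannot tell them apart; at that point only the switch (MAC flapping, port security, dynamic ARP inspection) is in a position to notice, which is the "better routers" case the answer mentions.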