Curiosity is insubordination in its purest form. -Vladimir Nabokov

Monday, October 25, 2010

Protection against ARP spoofing

A short log involving static ARP entries and their monitoring with arpon, a good tool for protecting against spoofing.
root@sid7:/home/vlan7# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.104
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
#next-hop FW zeroshell
gateway 192.168.0.1
pre-up /etc/network/interfaces_sec
post-up /usr/sbin/arp -f /etc/sarp.conf
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8
root@sid7:/home/vlan7# cat /etc/resolv.conf
nameserver 8.8.8.8
root@sid7:/home/vlan7# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
root@sid7:/home/vlan7# arp -a
? (192.168.0.1) at AA:BB:CC:DD:EE:FF [ether] PERM on eth0
root@sid7:/home/vlan7# /etc/init.d/arpon status
Checking status of anti ARP poisoning daemon: arpon running.
root@sid7:/home/vlan7# cat /etc/sarp.conf
192.168.0.1
AA:BB:CC:DD:EE:FF
root@sid7:/home/vlan7# cat /etc/arpon.sarpi
# Example of arpon.sarpi
#Below is zeroshell
192.168.0.1
AA:BB:CC:DD:EE:FF
root@sid7:/home/vlan7# tail -f /var/log/arpon/arpon.log
08:14:37 - Wait link connection on eth0...
08:14:39 - SARPI on dev(eth0) inet(192.168.0.117) hw(FF:EE:DD:CC:BB:AA)
08:14:39 - Protects these Arp Cache's entries:
08:14:39 - 1)     192.168.0.1 -> AA:BB:CC:DD:EE:FF
08:14:39 - Arp Cache restore from /etc/arpon.sarpi...
08:14:39 - Arp Cache refresh timeout: 10 minuts.
08:14:39 - Realtime Protect actived!
08:15:52 - Request << AA:BB:CC:DD:EE:FF
08:15:52 - Reply   >> Send to 192.168.0.1 -> AA:BB:CC:DD:EE:FF
[cut]
08:24:39 - Refresh these Arp Cache entries:
08:24:39 - 1) 192.168.0.1 -> AA:BB:CC:DD:EE:FF
[cut]
vlan7@sid7:~$ sudo dpkg -l |grep arpon
ii  arpon                                            2.0-2                                versatile anti ARP poisoning daemon
vlan7@sid7:~$
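
Added example, not part of the original post: a POSIX shell function that audits the kernel ARP cache against the pinned pairs, as a check independent of arpon. It assumes the `/proc/net/arp` table layout and that flag bit 0x4 (ATF_PERM) marks the PERM entries that `arp -a` shows; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# check_arp_pins PINFILE [ARPTABLE]
#   PINFILE:  IP/MAC pairs as in /etc/sarp.conf ('#' starts a comment)
#   ARPTABLE: text in /proc/net/arp format (default: the live table)
# Prints one status line per pinned IP; returns 0 only if all are OK.
check_arp_pins() {
    awk '
    mode == "pins" {
        sub(/#.*/, "")
        # Tokenise, so IP and MAC may share a line or span two lines.
        for (i = 1; i <= NF; i++) {
            if (ip == "") ip = $i
            else { pin[ip] = tolower($i); order[++n] = ip; ip = "" }
        }
        next
    }
    FNR > 1 {                      # ARP table; line 1 is the header
        mac[$1] = tolower($4)
        # Flags are hex; ATF_PERM is bit 0x4 of the last hex digit.
        d = index("0123456789abcdef", tolower(substr($3, length($3)))) - 1
        perm[$1] = int(d / 4) % 2
    }
    END {
        for (k = 1; k <= n; k++) {
            ip = order[k]
            if (!(ip in mac))             s = "MISSING"
            else if (mac[ip] != pin[ip])  s = "MISMATCH"
            else if (!perm[ip])           s = "NOTPERM"
            else                          s = "OK"
            if (s != "OK") bad = 1
            print s, ip, "pinned=" pin[ip], "seen=" ((ip in mac) ? mac[ip] : "-")
        }
        exit bad + 0
    }' mode=pins "$1" mode=arp "${2:-/proc/net/arp}"
}

# Constructed sample: the pin shown in the post, checked against a table
# where the gateway entry is dynamic (0x2) and carries a different MAC.
demo_arp_audit() {
    t=$(mktemp -d) || return 2
    printf '192.168.0.1\nAA:BB:CC:DD:EE:FF\n' > "$t/pins"
    printf '%s\n' 'IP address HW type Flags HW address Mask Device' \
        '192.168.0.1 0x1 0x2 11:22:33:44:55:66 * eth0' > "$t/arp"
    check_arp_pins "$t/pins" "$t/arp"; rc=$?
    rm -rf "$t"; return $rc
}
demo_arp_audit || echo "ARP cache does not match the pinned entries"
```

On the host from the log, `check_arp_pins /etc/sarp.conf` would read the live table; a NOTPERM result means the MAC matches but the entry is dynamic, so a forged reply could still overwrite it.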
