Curiosity is insubordination in its purest form. -Vladimir Nabokov

lunes, 25 de octubre de 2010

Proteccion contra ARP spoofing

Un pequeño log donde intervienen arp estaticas y su monitorizacion con arpon, una buena herramienta para la proteccion de spoofing.
root@sid7:/home/vlan7# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
#next-hop FW zeroshell
pre-up /etc/network/interfaces_sec
post-up /usr/sbin/arp -f /etc/sarp.conf
# dns-* options are implemented by the resolvconf package, if installed
root@sid7:/home/vlan7# cat /etc/resolv.conf
root@sid7:/home/vlan7# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface   U         0 0          0 eth0         UG        0 0          0 eth0
root@sid7:/home/vlan7# arp -a
? ( at AA:BB:CC:DD:EE:FF [ether] PERM on eth0
root@sid7:/home/vlan7# /etc/init.d/arpon status
Checking status of anti ARP poisoning daemon: arpon running.
root@sid7:/home/vlan7# cat /etc/sarp.conf
root@sid7:/home/vlan7# cat /etc/arpon.sarpi
# Example of arpon.sarpi
#Below is zeroshell
root@sid7:/home/vlan7# tail -f /var/log/arpon/arpon.log
08:14:37 - Wait link connection on eth0...
08:14:39 - SARPI on dev(eth0) inet( hw(FF:EE:DD:CC:BB:AA)
08:14:39 - Protects these Arp Cache's entries:
08:14:39 - 1) -> AA:BB:CC:DD:EE:FF
08:14:39 - Arp Cache restore from /etc/arpon.sarpi...
08:14:39 - Arp Cache refresh timeout: 10 minuts.
08:14:39 - Realtime Protect actived!
08:15:52 - Request << AA:BB:CC:DD:EE:FF
08:15:52 - Reply   >> Send to -> AA:BB:CC:DD:EE:FF
08:24:39 - Refresh these Arp Cache entries:
08:24:39 - 1) -> AA:BB:CC:DD:EE:FF
vlan7@sid7:~$ sudo dpkg -l |grep arpon
ii  arpon                                            2.0-2                                versatile anti ARP poisoning daemon

Related Posts by Categories

0 comentarios :