-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
arpCounterattack is a program for detecting and remedying "ARP attack…
…s." It monitors traffic on any number of Ethernet interfaces and examines ARP replies and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP request that is in conflict with its notion of "correct" Ethernet/IP address pairs, it logs the attack if logging is enabled, and, if the Ethernet interface that the attack was seen on is is configured as being in aggressive mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables of hosts on the local network segment. The corrective gratuitous ARP request and corrective gratuitous ARP reply can be sent from an Ethernet interface other than the one that the attack was seen on. WWW: http://acm.poly.edu/wiki/ARP_Counterattack PR: ports/151973 Submitted by: Boris Kochergin <spawk@acm.poly.edu>
- Loading branch information
Showing
7 changed files
with
111 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| # New ports collection makefile for: arpCounterattack | ||
| # Date created: 05 November 2010 | ||
| # Whom: Boris Kochergin <spawk@acm.poly.edu> | ||
| # $FreeBSD$ | ||
| # | ||
|
|
||
| PORTNAME= arpCounterattack | ||
| PORTVERSION= 1.2.0 | ||
| CATEGORIES= security | ||
| MASTER_SITES= http://isis.poly.edu/~bk/${PORTNAME}/ \ | ||
| http://bk.macroblock.net/${PORTNAME}/ | ||
| EXTRACT_SUFX= .tbz | ||
|
|
||
| MAINTAINER= spawk@acm.poly.edu | ||
| COMMENT= Detects and remedies ARP attacks | ||
|
|
||
| LIB_DEPENDS= dnet.1:${PORTSDIR}/net/libdnet | ||
|
|
||
| SUB_FILES= pkg-message | ||
|
|
||
| USE_RC_SUBR= ${PORTNAME} | ||
|
|
||
| .include <bsd.port.pre.mk> | ||
|
|
||
| post-install: | ||
| @if [ ! -f ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf ]; then \ | ||
| ${CP} -p ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf.sample \ | ||
| ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf ; \ | ||
| fi | ||
| @${CAT} ${PKGMESSAGE} | ||
|
|
||
| .include <bsd.port.post.mk> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| SHA256 (arpCounterattack-1.2.0.tbz) = 28cb61cb799871bbb10057fddbd7a445f10b27725eca088f370eeff157f88f3d | ||
| SIZE (arpCounterattack-1.2.0.tbz) = 507939 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| #!/bin/sh | ||
| # $FreeBSD | ||
|
|
||
| # PROVIDE: arpcounterattack | ||
| # REQUIRE: DAEMON | ||
| # BEFORE: LOGIN | ||
| # KEYWORD: shutdown | ||
|
|
||
| # Define these arpcounterattack_* variables in one of these files: | ||
| # /etc/rc.conf | ||
| # /etc/rc.conf.local | ||
| # /etc/rc.conf.d/arpcounterattack | ||
| # | ||
| # DO NOT CHANGE THESE DEFAULT VALUES HERE | ||
| # | ||
| arpcounterattack_enable="${arpcounterattack_enable-NO}" | ||
| arpcounterattack_pidfile="/var/run/arpCounterattack.pid" | ||
|
|
||
| . /etc/rc.subr | ||
|
|
||
| name="arpcounterattack" | ||
| rcvar=`set_rcvar` | ||
| command="%%PREFIX%%/sbin/arpCounterattack" | ||
|
|
||
| load_rc_config $name | ||
|
|
||
| : ${arpcounterattack_config="%%PREFIX%%/etc/arpCounterattack/arpCounterattack.conf"} | ||
| : ${arpcounterattack_flags="-c ${arpcounterattack_config}"} | ||
|
|
||
| pidfile="${arpcounterattack_pidfile}" | ||
| required_files="${arpcounterattack_config}" | ||
|
|
||
| case "${arpcounterattack_flags}" in | ||
| *-p\ *) | ||
| echo "ERROR: \$arpcounterattack_flags includes -p option." \ | ||
| "Please use \$arpcounterattack_pidfile instead." | ||
| exit 1 | ||
| ;; | ||
| *) | ||
| arpcounterattack_flags="-p ${pidfile} ${arpcounterattack_flags}" | ||
| ;; | ||
| esac | ||
|
|
||
| run_rc_command "$1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
|
|
||
| Before starting arpCounterattack, you should edit its configuration file, | ||
| %%PREFIX%%/etc/arpCounterattack/arpCounterattack.conf. Then, add the following | ||
| line to /etc/rc.conf: | ||
|
|
||
| arpcounterattack_enable="YES" | ||
|
|
||
| Finally, to start it, run the following command: | ||
|
|
||
| %%PREFIX%%/etc/rc.d/arpCounterattack start | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| arpCounterattack is a program for detecting and remedying "ARP attacks." It | ||
| monitors traffic on any number of Ethernet interfaces and examines ARP replies | ||
| and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP | ||
| request that is in conflict with its notion of "correct" Ethernet/IP address | ||
| pairs, it logs the attack if logging is enabled, and, if the Ethernet | ||
| interface that the attack was seen on is is configured as being in aggressive | ||
| mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with | ||
| the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables | ||
| of hosts on the local network segment. The corrective gratuitous ARP request | ||
| and corrective gratuitous ARP reply can be sent from an Ethernet interface | ||
| other than the one that the attack was seen on. | ||
|
|
||
| WWW: http://acm.poly.edu/wiki/ARP_Counterattack | ||
|
|
||
| -Boris Kochergin <spawk@acm.poly.edu> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| sbin/arpCounterattack | ||
| @unexec if cmp -s %D/etc/arpCounterattack/arpCounterattack.conf.sample %D/etc/arpCounterattack/arpCounterattack.conf; then rm -f %D/etc/arpCounterattack/arpCounterattack.conf; fi | ||
| etc/arpCounterattack/arpCounterattack.conf.sample | ||
| @exec if [ ! -f %D/etc/arpCounterattack/arpCounterattack.conf ] ; then cp -p %D/%F %B/arpCounterattack.conf; fi | ||
| etc/arpCounterattack/oui.txt | ||
| @dirrmtry etc/arpCounterattack |