Anti ARP spoofing tool Antidote

These days I was fighting some ARP spoofing troubles in a ~400 PC network.

Although I was already running the well-known Arpwatch and the almost unknown ArpON tools, I couldn’t find the real cause of my network problem.

Until I found Antidote.

A daemon for detecting ARP spoofing (sometimes called “poisoning”) on a network & alerting appropriately.

My server was running FreeBSD 7, so even if I couldn’t find it in ports, the manual installation was quick and easy.

Just:

./configure
make
make install

Then I created a simple configuration file under /etc/antidote.conf.
Its contents look like this:


# Antidote config! Read README from provided tarball!!!
# EthernetDevice = [your device under /dev] # Not needed, it took my first non-loopback interface
EmailRecipient = root
Promiscuous = no
CheckMacChanges = yes

Start the daemon with antidote &, then go check your email. :)
Oh, and don’t forget to turn off arpwatch or whatever else you use!
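
To show what a MAC-change check of the kind the CheckMacChanges option name suggests involves, here is an added example (not Antidote's code and not from the original post): a small Python monitor that parses ARP frames and alerts when an IP address appears with a different MAC, or when the Ethernet source and the ARP sender field disagree. How Antidote itself implements this is not shown on the page; ArpMonitor, the helper names and the sample addresses are assumptions constructed for illustration.

```python
import struct

ARP_ETHERTYPE = 0x0806

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame: bytes):
    """Return (eth_src, sender_mac, sender_ip) for an IPv4/Ethernet ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return frame[6:12], frame[22:28], ".".join(str(b) for b in frame[28:32])

class ArpMonitor:
    """Hypothetical monitor: remembers the first MAC seen per IP and reports deviations."""
    def __init__(self):
        self.bindings = {}                   # ip -> first MAC observed for it

    def observe(self, frame: bytes) -> list:
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, sender_mac, ip = parsed
        alerts = []
        if eth_src != sender_mac:            # header and ARP payload disagree
            alerts.append(f"{ip}: Ethernet source {mac_str(eth_src)} differs from ARP sender {mac_str(sender_mac)}")
        if ip == "0.0.0.0":                  # address probe (RFC 5227): no binding claimed
            return alerts
        known = self.bindings.setdefault(ip, sender_mac)
        if known != sender_mac:
            alerts.append(f"{ip}: MAC changed {mac_str(known)} -> {mac_str(sender_mac)}")
        return alerts

def build_frame(eth_src: str, sender_mac: str, sender_ip: str, oper: int = 2) -> bytes:
    """Build a constructed sample ARP frame (broadcast destination, target fields zeroed)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (b"\xff" * 6 + mac(eth_src) + struct.pack("!H", ARP_ETHERTYPE)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sender_mac) + bytes(int(p) for p in sender_ip.split(".")) + bytes(10))

if __name__ == "__main__":
    monitor = ArpMonitor()                   # constructed traffic, documentation addresses
    for src, ip in [("02:00:00:00:00:01", "192.0.2.1"), ("02:00:00:00:00:66", "192.0.2.1")]:
        for alert in monitor.observe(build_frame(src, src, ip)):
            print("ALERT", alert)
```

The monitor keeps the first binding it saw, so a legitimate hardware swap keeps alerting until the table is reset; a production tool would add expiry or an allow-list.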
