{"id":222,"date":"2010-02-24T02:10:07","date_gmt":"2010-02-24T07:10:07","guid":{"rendered":"http:\/\/zitstif.no-ip.org\/?p=222"},"modified":"2010-02-24T21:42:57","modified_gmt":"2010-02-25T02:42:57","slug":"arp-sentinel","status":"publish","type":"post","link":"http:\/\/zitstif.no-ip.org\/?p=222","title":{"rendered":"arp-sentinel"},"content":{"rendered":"<p>Those of us who understand some of the great weaknesses in IPv4 know that under certain circumstances (especially in local area networks), attackers can carry out some pretty devious tasks. Arp-spoofing (<a title=\"http:\/\/en.wikipedia.org\/wiki\/ARP_spoofing\" href=\"http:\/\/en.wikipedia.org\/wiki\/ARP_spoofing\" target=\"_blank\">http:\/\/en.wikipedia.org\/wiki\/ARP_spoofing<\/a>) can be used to intercept traffic and even modify it according to the attacker&#8217;s will. Programs like arpspoof, cain&amp;abel, and especially ettercap-ng, when abused, can be used for purloining credentials and potentially identities.<\/p>\n<p>With this being true, I decided to write an implementation of an arp-spoofing detection program that is geared toward Ubuntu\/Debian. The beauty of this program is that instead of just creating logs that non-tech-savvy users would most likely not glance at, this program alerts the end user via x-message. Granted, this x-message window can potentially get annoying; however, this was intended. The end user needs to be alerted: if arp-spoofing is taking place, their information could potentially be at great risk.<\/p>\n<p>The beauty behind arp-sentinel is that it uses very few resources and is mainly intended for end users who run Ubuntu on a laptop and use insecure hotspots for whatever purposes.
Here&#8217;s a screen shot of &#8216;top&#8217; being used under Ubuntu 9.10 on a virtual machine:<\/p>\n<p><a title=\"http:\/\/zitstif.no-ip.org\/http:\/\/zitstif.no-ip.org\/arp-sent\/arp-sent\/memoryUsageFinal.jpg\" href=\"http:\/\/zitstif.no-ip.org\/arp-sent\/memoryUsageFinal.jpg\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" title=\"http:\/\/zitstif.no-ip.org\/arp-sent\/memoryUsageFinal.jpg\" src=\"http:\/\/zitstif.no-ip.org\/arp-sent\/memoryUsageFinal.jpg\" alt=\"\" width=\"547\" height=\"371\" \/><\/a><\/p>\n<p>Nifty eh? Here&#8217;s also a screen shot of the warning message that is displayed:<\/p>\n<p><a title=\"http:\/\/zitstif.no-ip.org\/arp-sent\/warningFinal.jpg\" href=\"http:\/\/zitstif.no-ip.org\/arp-sent\/warningFinal.jpg\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" title=\"http:\/\/zitstif.no-ip.org\/arp-sent\/warningFinal.jpg\" src=\"http:\/\/zitstif.no-ip.org\/arp-sent\/warningFinal.jpg\" alt=\"\" width=\"547\" height=\"137\" \/><\/a><\/p>\n<p>Here&#8217;s the program in a tar file:<\/p>\n<p><a title=\"http:\/\/zitstif.no-ip.org\/arp-sent\/arp-sentinel.tar\" href=\"http:\/\/zitstif.no-ip.org\/arp-sent\/arp-sentinel.tar\" target=\"_blank\">http:\/\/zitstif.no-ip.org\/arp-sent\/arp-sentinel.tar<\/a><\/p>\n<p>MD5sum: 79c54891a7b235bf6a2f5d4c779771c3<\/p>\n<p>Tested to work on Ubuntu 9.10.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Those of us who understand some of the great weaknesses in IPv4 know that under certain circumstances (especially in local area networks), attackers can carry out some pretty devious tasks. Arp-spoofing (http:\/\/en.wikipedia.org\/wiki\/ARP_spoofing) can be used to intercept traffic and even modify it according to the attacker&#8217;s will.
Programs like arpspoof, cain&amp;abel, and especially ettercap-ng, when &hellip; <a href=\"http:\/\/zitstif.no-ip.org\/?p=222\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">arp-sentinel<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,3],"tags":[71,68,70,69,65,67,66],"class_list":["post-222","post","type-post","status-publish","format-standard","hentry","category-code","category-posts","tag-arp","tag-arp-poison","tag-arp-sentinel","tag-arp-sentinel-tar","tag-arp-spoof","tag-cainabel","tag-ettercap-ng"],"_links":{"self":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=222"}],"version-history":[{"count":12,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions"}],"predecessor-version":[{"id":233,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions\/233"}],"wp:attachment":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=222"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}