Honeypots mailing list archives

Re: Arpd on FC3


From: Maximillian Dornseif <dornseif () informatik rwth-aachen de>
Date: Fri, 5 Aug 2005 11:31:50 +0200

On 2005-07-08 14:18:49 +0200, seamus blarnum <crpyt0k1d () yahoo com> said:

> Has anyone come up with a fix or work-around for Arpd on Fedora Core 3? I
> keep getting syntax errors and from reading insecure.org and a few other
> sources I seem to not be the only one dealing with this issue.

You should consider avoiding arpd altogether. If your network is not that big, you should be able to use the wonderful new honeyd 1.0 features to get your traffic to honeyd. If your network is complex, you for sure should avoid arpd because it will break too much stuff. If your network is really big (e.g. /17), you shouldn't use arp at all but routing to get traffic to your system, because most network equipment can't really handle tens of thousands of nodes on the same segments.

See http://blogs.23.nu/antlab/stories/4485/ and http://md.hudora.de/presentations/2005-bh-honeypots-03-honeyd.pdf (slide 7pp)

Also be aware that some morons (debian?) decided to rename arpd to 'farpd'. There is another arpd which is meant as a userland replacement for the kernel's arp cache. So be sure to actually use the correct arpd if you insist on using arpd at all.

Regards

Maximillian Dornseif

--
Maximillian Dornseif
Laboratory for Dependable Distributed Systems, RWTH Aachen University
Tel. +49 241 80-21431 - http://md.hudora.de/
