Penetration Testing mailing list archives
A simple way to block ARP Cache Poisoning
From: Nelson Brito <nelson () SECUNET COM BR>
Date: Tue, 29 May 2001 15:45:33 -0300
I know it's old news, but it's a very pretty way to protect against ARP Cache Poisoning.
If you already know this code, you'll see significant differences between the first code I made and this second one.
[BOF]
# -*- perl -*-
# Script ID : farpce.pl - Force ARP Cache Entries Perl Script v. 0.4
# Date      : Apr/06/2000
# Revisions : Apr/15/2000
#             May/23/2000
#             May/29/2001
# Author    : Nelson Brito
# E-mail    : nelson () SECUNET COM BR
use Getopt::Std;
use Shell qw(arp);    # exposes the system arp command as arp()

getopts('f:', \%o); $V = "0.4";

# Strip the path from the program name; the interface switch differs per platform.
if($^O =~ /MSWin32/i){ @p = split(/\\/, $0); $0 = pop @p; $c = "-N"; }
else{ $0 =~ s#.*/##; $c = "-i"; }

print "--- $0 v. $V / Nelson Brito / Secunet AG ---\n";

# Without -f, f2() prints the usage and dies.
$f = $o{'f'} ? $o{'f'} : f2($0);
$m = f1($f) ? "Succeeded" : "Failed";
print $m . "!\n";

# f1: read the ARP file and add one static entry per line.
# Returns 0 at the first malformed line, 1 otherwise.
sub f1{
    open(F, "<".$_[0]) or die "$0: $!\n";
    foreach(<F>){
        chomp; next if (/^\s*#/); next if (/^\s*$/);
        # Each line: <IPAddr> <HWAddr> <Iface>
        ((($i, $h, $I) = /\s*(.+?)\s+(\S+)\s*\s+(\S+)\s*/) == 3) or return 0;
        # Four dot-separated IP fields and six colon-separated MAC fields.
        (split(/\./, $i) == 4) or return 0; (split(/:/, $h) == 6) or return 0;
        # Windows arp expects '-' between MAC octets.
        $h =~ y/:/-/ if ($^O =~ /MSWin32/); print "."; arp("-s", $i, $h, $c, $I);
    }
    close(F) or die "$0: $!\n";
    return 1;
}

# f2: print the usage message and exit.
sub f2{
    die <<_USAGE
Usage: $_[0] [-f <arp-file>]
Copyright © 2000, 2001 Nelson Brito<nelson\@SECUNET.COM.BR>. All rights reserved.
_USAGE
;
}
# Making code as an ART! ;))
[EOF]
Linux's ARP file example:
#<IPAddr> <HWAddr> <Iface>
192.168.1.1 FF:DD:AA:00:00:44 eth0
Windows NT's ARP file example:
#<IPAddr> <HWAddr> <Iface's IPAddr>
192.168.1.1 FF:DD:AA:00:00:44 192.168.1.69
Enjoy.
That's all,
--
# Nelson Brito
# Security Analyst and Penetration Tester
# Security Networks AG - The trust Company!
#
# Usage: cat <file> | perl .signature
foreach(<STDIN>){chop;split(//,$_);print reverse @_;print "\n";}
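
An added example, not part of the original post or of farpce.pl: once static entries are loaded, a defender can check that the ARP cache still agrees with the ARP file. The sketch parses the post's Linux file format strictly and compares it with `arp -an` output. The sample file, the cache lines (net-tools layout assumed) and the names `parse_arp_file` and `audit` are constructed for illustration.

```perl
use strict;
use warnings;
# Constructed sample: an ARP file in the post's Linux format.
my $arp_file = <<'EOT';
#<IPAddr> <HWAddr> <Iface>
192.168.1.1 FF:DD:AA:00:00:44 eth0
192.168.1.2 00:10:5A:00:00:01 eth0
192.168.1.3 00:10:5A:00:00:02 eth0
EOT
# Constructed sample of Linux `arp -an` output (net-tools layout assumed).
my $arp_cache = <<'EOT';
? (192.168.1.1) at ff:dd:aa:00:00:44 [ether] on eth0
? (192.168.1.2) at 00:de:ad:be:ef:01 [ether] PERM on eth0
EOT
# Parse the ARP file strictly: octets 0-255, six hex MAC octets, one interface.
sub parse_arp_file {
    my ($text) = @_;
    my %want;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:#|$)/;    # comments and blank lines
        my ($ip, $mac, $dev) = $line =~ /^\s*(\S+)\s+(\S+)\s+(\S+)\s*$/
            or die "malformed line: $line\n";
        my @o = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
        die "bad IP: $ip\n" if @o != 4 || grep { $_ > 255 } @o;
        die "bad MAC: $mac\n" unless $mac =~ /^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$/;
        $want{$ip} = { mac => lc $mac, dev => $dev };
    }
    return \%want;
}

# Compare the wanted entries with the cache; one finding per IP that is off.
sub audit {
    my ($want, $cache_text) = @_;
    my %have;
    for (split /\n/, $cache_text) {
        next unless /\((\S+)\) at (\S+) \[ether\]\s+(PERM )?on (\S+)/;
        $have{$1} = { mac => lc $2, perm => defined $3, dev => $4 };
    }
    my @findings;
    for my $ip (sort keys %$want) {
        my ($w, $h) = ($want->{$ip}, $have{$ip});
        if    (!$h)                      { push @findings, "$ip: no cache entry" }
        elsif ($h->{mac} ne $w->{mac})   { push @findings, "$ip: MAC $h->{mac}, expected $w->{mac}" }
        elsif ($h->{dev} ne $w->{dev})   { push @findings, "$ip: on $h->{dev}, expected $w->{dev}" }
        elsif (!$h->{perm})              { push @findings, "$ip: entry is dynamic, not PERM" }
    }
    return @findings;
}
print "$_\n" for audit(parse_arp_file($arp_file), $arp_cache);
```

To audit a live host, pass the contents of the real ARP file and the captured output of `arp -an` to the two functions instead of the embedded samples.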
