Arpwatch 2.1a13 BETA

Announcements of packages that are now released.

Postby tom » Sun Jan 09, 2005 4:55 pm

Here's my beta release of Arpwatch_2.1a13 for Freesco 0.3.x

Arpwatch keeps track of mac address/ip address pairings and notifies you of changes via the system log/email. This package has a modified version of arpwatch and it lets you ban/allow access to/from Freesco by mac address.

pkg -i ftp://toms.homelinux.org/packages/03x/arpwatch_2.1a13-2_tom


Here are the release notes:
RELEASE NOTES *** Arpwatch 2.1a13 for FREESCO 03x *** RELEASE NOTES

This release of Arpwatch includes these features:

1. Messages are sent to the system log (/var/messages)

2. Messages are sent via E-Mail using smtpclient. If you don't want
arpwatch to send you EMails then don't change MAILACCOUNT in domail.cfg

3. There's a new file called maclist.cfg where you can specify mac addresses
that can be blocked or allowed. The default action is to allow all addresses
unless it's specified in maclist.cfg. This can be changed by changing DEFACT
(DEFault ACTion) in domail.cfg to block, then all addresses will be blocked
unless they're listed in maclist.cfg

Here's an example of what to put in maclist.cfg:

0:56:f4:0:de:5
44:0:50:62:a5:fb

Notice that if the mac includes 00 then one zero is dropped
also, if the last number is a zero then it's also dropped.

Don't remove the "dummy" examples in maclist.cfg

By default, arpwatch only listens on eth1 but it can listen on any/all
interfaces on your system. You need to edit rc_arpwatch for this or
run "rc_arpwatch setup". Running "rc_arpwatch setup" is recommended since
you'll also need to edit domail.cfg and maclist.cfg

Arpwatch can't prevent arp poisoning and it's still possible for an attacker
to spoof their mac address. If you want to see how Arpwatch reacts to this,
download and install my ettercap package to another machine on your lan.

Before running Arpwatch, you HAVE to edit domail.cfg and rc_arpwatch.
If you plan to just run arpwatch on eth1 then you don't have to edit rc_arpwatch
but domail.cfg is a must if you want to receive emails from arpwatch.

There's three variables in domail.cfg that have to be set

MAILACCOUNT=Your_Email_Address
MAILSERVER=Your.EMail.Server
USERNAME=Your_EMail_Username
DEFACT=allow

DEFACT is explained above. If you don't want arpwatch to send you emails then
don't change MAILACCOUNT

enjoy,

Tom


Make sure you run "rc_arpwatch setup" before running "rc_arpwatch start"

Don't delete the 2 dummy mac addresses in maclist.cfg and make sure there's a blank line at the end of the file (or the last line won't get read)

This is a BETA package so if you find anything wrong/missing, please let me know ASAP.

enjoy,

Tom
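
The maclist.cfg rules from the release notes above (leading zero dropped in each octet, file ending in a newline), as an added example that is not part of Tom's package: a shell helper that rewrites a MAC into that form and lints a list file. The function names, the one-MAC-per-line layout and reading "blank line at the end" as a final newline are assumptions.

```shell
#!/bin/sh
# Added example, not part of the arpwatch package.
# Assumption: maclist.cfg holds one MAC per line in the form the release
# notes show: lowercase hex, colon-separated, no leading zero per octet.

# Print the maclist.cfg form of a MAC given as 00:56:F4:00:DE:05 or
# 00-56-f4-00-de-05. Returns 1 if the input is not a 6-octet MAC.
mac_to_maclist() {
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    case "$mac" in
        *[!0-9a-f:]*|*::*|:*|*:) return 1 ;;   # bad char or empty octet
    esac
    old_ifs=$IFS; IFS=:
    set -- $mac
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    out=
    for octet in "$@"; do
        [ "${#octet}" -le 2 ] || return 1
        octet=${octet#0}              # 00 -> 0, 05 -> 5, 50 stays 50
        [ -n "$octet" ] || octet=0    # a lone "0" was stripped to nothing
        out="${out:+$out:}$octet"
    done
    printf '%s\n' "$out"
}

# Lint a list file: one message per problem, status 0 only if clean.
check_maclist() {
    file=$1; rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        want=$(mac_to_maclist "$line") ||
            { echo "line $n: not a MAC: $line"; rc=1; continue; }
        [ "$want" = "$line" ] ||
            { echo "line $n: write $line as $want"; rc=1; }
    done < "$file"
    # Command substitution strips a newline, so non-empty means none.
    [ -z "$(tail -c 1 "$file")" ] ||
        { echo "no newline after the last entry"; rc=1; }
    return $rc
}

mac_to_maclist 00:56:F4:00:DE:05    # constructed input; prints 0:56:f4:0:de:5
```
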

Postby tom » Sun Jan 16, 2005 12:24 am

I've made some changes since the initial release of this package. Here's the new package:

pkg -i ftp://toms.homelinux.org/packages/03x/arpwatch_2.1a13-2_tom


This is a beta package so please let me know how it goes (good or bad)

Tom

Postby tom » Sun Jan 16, 2005 5:56 pm

Sorry to make so many posts here but I've made some more changes to this package. It now has an option to disable email messages and should support all 0.3.x versions including 0.3.4 when it's released (0.3.4 uses restrict.cfg instead of banlist.cfg and has a slightly different format). Read the new release notes above (or FREESCO.txt) for complete details.

pkg -i ftp://toms.homelinux.org/packages/03x/arpwatch_2.1a13-2_tom


This post has been edited by dingetje on Jan 16 2005, 11:37 AM

BTW What was edited on the previous post? I don't see any changes.

EDIT Never mind, I think you put the download link in a code block. Is that right?

Tom

