b6c08b0df5
Also: * convert to c++11 for clang builds * convert to new LIB_DEPENDS format * use @sample keyword * pet portlint * USE=tar
14 lines
853 B
Plaintext
14 lines
853 B
Plaintext
arpCounterattack is a program for detecting and remedying "ARP attacks." It
|
|
monitors traffic on any number of Ethernet interfaces and examines ARP replies
|
|
and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP
|
|
request that is in conflict with its notion of "correct" Ethernet/IP address
|
|
pairs, it logs the attack if logging is enabled, and, if the Ethernet
|
|
interface that the attack was seen on is configured as being in aggressive
|
|
mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with
|
|
the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables
|
|
of hosts on the local network segment. The corrective gratuitous ARP request
|
|
and corrective gratuitous ARP reply can be sent from an Ethernet interface
|
|
other than the one that the attack was seen on.
|
|
|
|
WWW: http://acm.poly.edu/wiki/ARP_Counterattack
|