Projects

arptracker

arptracker collects and tracks ARP data via SNMP from your (cisco) routers. It assumes that your SNMP RO community string is uniform across your Cisco router network. It tracks when a particular MAC address (per IP) was first and and last seen on a network,effectively giving a whole range of ... [More] forensics and monitoring possibilities. arptracker works by scraping arp tables from all routers once every 30minutes(configurable). The database has 2 tables, one is the current arp information and the other is historical, ie, the main arpdatabase itself, which gives us when a particular IP/mac combo was first and last network. Typical Goal Many !!!! a. How about tracking which machines are using which ip address over time intervals. b. Tracking which machine(MAC) has what IP address. c. How many machines are 'active' on a LAN d. Detect Arp poisoning attacks and proxy arp in network . i.e which mac address has more than one IP adddress assigned to it. e. Data repository for a quota and/or quarantine management [Less]

arpon

ArpON (Arp handler inspectiON) is a portable handler daemon with some nice tools to handle all ARP aspects. It has a lot of features and it makes Arp a bit safer. This is possible using two kinds of anti Arp Poisoning tecniques, the first is based on SARPI or "Static Arp Inspection" ... [More] , the second on DARPI or "Dynamic Arp Inspection" approach. Keep in mind other common tools fighting ARP poisoning usually limit their activity only to point out the problem instead of blocking it, ArpON does it using SARPI and DARPI policies. Finally you can use ArpON to pentest some switched/hubbed LAN with/without DHCP protocol, in fact you can disable the daemon in order to use the tools to poison the ARP Cache. However ArpON is also a good tool to a clever sysadmin aware of security related topics. It is a tool born to make Arp secure in order to avoid Arp Spoofing/Poisoning & co. Remember it doesn't affect the communication efficiency of the ARP protocol! Features: - It manages every aspect of the ARP protocol - It replaces utilities such as arp, arping, arpscan - It replaces arpwatch, arpon blocks - It detects and blocks ARP Poisoning/Spoofing attacks in statically configured networks - It detects and blocks ARP Poisoning/Spoofing attacks in dinamically configured (DHCP) networks - It detects and blocks unidirectional and bidirectional attacks - Easily configurable via command line switches, provided that you have root permissions - It works in userspace for OS portability reasons - Tested against Ettercap, Cain & Abel, dsniff The link to ArpON's documentation: http://arpon.sourceforge.net/about.html [Less]