ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision. The program can send healing packets with regular ARP information.
ARPSpoofDetector is new GPL project initialized by NetMasters.CZ customers (specially 100MEGA Distribution). We didn't find suitable intrusion detection system or another applicable software to solve ARP spoofing detection and IP collision without false alarms and with easy configuration for our customers.
Here are some key features of "ARPSpoofDetector":
· passive ARP spoofing detection from broadcast ARP reply packets
· passive IP collision detection from broadcast ARP packets and netbios packets
· active IP collision detection by sending ARP request packets
Log example:
Mon Jul 23 21:49:26 2007
Warning: IP 192.168.1.10 collision detected!
SERVER MAC address: 00:4f:ED:7C:3A:B9
ATTACKER MAC address: 00:20:38:7C:3A:CE
Attacker NETBIOS name: PERSEUS
Attacker NETBIOS group: WORKGROUP
Last attacker IP was 192.168.1.9
IP changes history:
From: Mon Jul 23 21:48:47 2007 To: Mon Jul 23 21:49:10 2007 was IP 192.168.1.3 (maybe over DHCP)
From: Mon Jul 23 21:49:10 2007 To: Mon Jul 23 21:49:26 2007 was IP 192.168.1.6 (maybe over DHCP)
Requirements:
· OpenSSL
What's New in This Release:
· A new variable MAXEMAILWARNINGS was added to limit the number of emails in an attack.
· A segmentation fault in the netbios thread was found and repaired, and attacks are deleted from memory after a day.
Product's homepage
Find us on Google+
