ARPSpoofDetector iconARPSpoofDetector 0.1.3

ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision.
ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision. The program can send healing packets with regular ARP information.

ARPSpoofDetector is new GPL project initialized by NetMasters.CZ customers (specially 100MEGA Distribution). We didn't find suitable intrusion detection system or another applicable software to solve ARP spoofing detection and IP collision without false alarms and with easy configuration for our customers.

Here are some key features of "ARPSpoofDetector":

· passive ARP spoofing detection from broadcast ARP reply packets
· passive IP collision detection from broadcast ARP packets and netbios packets
· active IP collision detection by sending ARP request packets

Log example:

Mon Jul 23 21:49:26 2007
Warning: IP 192.168.1.10 collision detected!
SERVER MAC address: 00:4f:ED:7C:3A:B9
ATTACKER MAC address: 00:20:38:7C:3A:CE
Attacker NETBIOS name: PERSEUS
Attacker NETBIOS group: WORKGROUP
Last attacker IP was 192.168.1.9
IP changes history:
From: Mon Jul 23 21:48:47 2007 To: Mon Jul 23 21:49:10 2007 was IP 192.168.1.3 (maybe over DHCP)
From: Mon Jul 23 21:49:10 2007 To: Mon Jul 23 21:49:26 2007 was IP 192.168.1.6 (maybe over DHCP)

Requirements:

· OpenSSL

What's New in This Release:

· A new variable MAXEMAILWARNINGS was added to limit the number of emails in an attack.
· A segmentation fault in the netbios thread was found and repaired, and attacks are deleted from memory after a day.

last updated on:
August 12th, 2007, 7:35 GMT
price:
FREE!
developed by:
Petr Toman
license type:
GPL v3 
category:
ROOT \ System \ Networking

FREE!

In a hurry? Add it to your Download Basket!

user rating 24

UNRATED
3.4/5
 

0/5

Add your review!

SUBMIT