.\"
.\" ipguard.8
.\"
.\" Copyright (c) 2005 SeaD
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.TH ipguard 8
.SH NAME
.PP
ipguard \- tool designed to protect LAN IP address space by ARP spoofing.
.SH SYNOPSIS
.PP
.B ipguard
[\-arxiodvh] [\-f | -e \fIethers\fP] [\-l \fIlog\fP] [\-p \fIpid\fP] [\-m \fImac\fP] [\-u \fIseconds\fP] [\-n \fInum\fP] [\-b \fInum\fP]
.SH DESCRIPTION
.PP
ipguard listens on the network for ARP packets.
All permitted MAC/IP pairs are listed in the 'ethers' file.
If it receives a packet with a MAC/IP pair that is not listed in the 'ethers' file,
it sends an ARP reply with the configured fake address.
This prevents a host that is not permitted from working properly in this
Ethernet segment, especially Windows(TM) hosts.
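.PP
The pair check described above, in observation-only form as with \-r and \-b, written as an added example that is not ipguard's own code. The function and class names are hypothetical, the "MAC IP" line layout of the ethers file is an assumption, and the table and frames are constructed samples.
.nf

```python
import struct
from collections import deque

# Constructed sample table; the "MAC IP" line layout is an assumption.
ETHERS = """00:11:22:33:44:55 192.0.2.10
0:a:b:c:d:e 192.0.2.11   # short octets are padded on load
"""

def norm_mac(mac):
    # Pad and lowercase each octet so pairs compare as plain strings.
    return ":".join("%02x" % int(o, 16) for o in mac.split(":"))

def parse_ethers(text):
    # Strip '#' comments, then keep the first two fields of each line.
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {(norm_mac(f[0]), f[1]) for f in rows if len(f) >= 2}

def arp_sender(frame):
    """Return (mac, ip) of the ARP sender in a raw Ethernet frame, else None."""
    if len(frame) < 42:          # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen = struct.unpack("!HHBB", frame[14:20])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None              # not Ethernet/IPv4 ARP
    mac = ":".join("%02x" % b for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return mac, ip

def make_arp(mac, ip, oper=1):
    """Build a constructed 42-byte ARP frame (sample input only)."""
    sha = bytes(int(o, 16) for o in mac.split(":"))
    spa = bytes(int(o) for o in ip.split("."))
    head = bytes([0xFF] * 6) + sha + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
    return head + sha + spa + bytes(10)   # zeroed target MAC and IP

class ReadOnlyGuard:
    def __init__(self, pairs, bufsize=10):
        self.pairs = pairs
        self.unlisted = deque(maxlen=bufsize)   # last N unlisted MACs, oldest dropped

    def observe(self, frame):
        pair = arp_sender(frame)
        if pair is None:
            return "ignored"
        if pair in self.pairs:
            return "permitted"
        if pair[0] not in self.unlisted:
            self.unlisted.append(pair[0])
        return "unlisted"        # a listed MAC with the wrong IP lands here too
```

.fi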
.SH OPTIONS
.TP
.B \-f | -e " \fIethers\fP"
Ethers file (Default: /etc/ethers)
.TP
.B \-l " \fIlog\fP"
Log file (Default: /var/log/ipguard_.log)
.TP
.B \-p " \fIpid\fP"
Pid file (Default: /var/run/ipguard_.pid)
.TP
.B \-m " \fImac\fP"
Fake mac (Default: de:ad:xx:xx:xx:xx)
.TP
.B \-u " \fIseconds\fP"
Update ethers interval (Default: 0)
.TP
.B \-n " \fInum\fP"
Fake replies number (Default: 3)
.TP
.B \-b " \fInum\fP"
Mac buffer size (Default: 10)
.TP
.B \-a
No address substitution
.TP
.B \-r
Read only
.TP
.B \-x
Duplex mode
.TP
.B \-i
Hidden mode
.TP
.B \-o
Promiscuous mode
.TP
.B \-d
Don't fork
.TP
.B \-v
Verbose
.TP
.B \-h
This help
.SH EXAMPLES
.TP
Normal method, duplex, autoupdate /etc/ethers every 5 min and send 2 fake replies:
.B ipguard -x -u 300 -n 2 fxp0
.TP
Read-only mode, remembering the last 100 MACs not listed in `ethers'. Useful for initially collecting MAC/IP pairs:
.B ipguard -r -b 100 -f ./empty_file rl0
.TP
Do not go to background and be more verbose, with a test ethers file:
.B ipguard -dv -f /tmp/ethers my1
.br
.SH TIPS
.PP
If you are not root, you need read permission on /dev/bpf* to start ipguard
in read-only mode, and read/write permission for full functionality.
.PP
The first MAC/IP pair in the list is always taken from the listening interface,
so you can't accidentally block yourself.
.SH FILES
.TP
.B /etc/ethers
ethers/ip pairs list
.TP
.B /var/log/ipguard_.log
log file
.TP
.B /var/run/ipguard_.pid
pid file
.SH SEE ALSO
.PP
ethers(5), tcpdump(1), pcap(3), libnet(3)
.SH CREDITS
.PP
Authors of \fBlibpcap\fP, \fBlibnet\fP, \fBarping\fP, \fBip-sentinel\fP
.PP
citrin <\fBcitrin\fP at \fBcitrin.ru\fP> for testing assistance
.SH BUGS
.PP
ipguard will not prevent a client from changing its MAC address along with its IP.
.PP
Linux sends a weird ARP packet when it enters the network. ipguard does not handle it.
.PP
Signals like HUP or TERM take effect only when a new ARP packet is received.
.SH AUTHOR
.PP
SeaD