Having anticipated, Man-in-Middle attack by ARP Spoofing. a problem,
(For example: there are many lab machines which have NFS access to user
disks on a server. These machines may even be turned OFF which makes it
easy for a spoofer to get in.), I wrote a short Perl script designed to
be run from the system startup file. Basically, it fills the ARP cache
on Linux with the IP and MAC addresses of known machines, setting a flag
so that they are never removed from the cache and can never be changed.
The config file format is simple -- IP address followed by MAC address,
separated by whitespace. Pound at the beginning of a line indicates
# vi ip_mac.conf
# IP_Address MAC_Address
This has only been tested on Linux -- people on other platforms may need
to adjust the parameters to arp in the system call.
It is a quick 'n' dirty program, but works -- maybe it will be useful to
somebody out there, too.
Note: you want to make sure that it is run after your network interface is
brought up but before any servers or clients are started; otherwise,
somebody may be able to sneak in a connection before the ARP tables are
Here is the Perl script:
# vi force_hw_addr.pl
# Program: force_hw_addr.pl
# Program to run ARP to force certain tables.
# Specify filenames(Redirection) or stdin
foreach (<>) # For each input line....
chomp; # Strip if CR/LF
} # If it's a comment, skip it.
if (((($host, $hw) = /\s*(.+?)\s+(\S+)\s*/) == 2) &&
# The text between the slashes parses the input line as follows:
# Ignore leading whitespace. (\s*)
# Then, start matching and put it into $host ($host, (.+?))
# Skip over the whitespace after that (\s+)
# Start matching. Continue matching until end of line or optional
# trailing whitespace.
# Then, the if checks to see that both a
# host and a hardware address were matched.
# (2 matches). If not, we skip the
# line (assuming it is blank or invalid or something).
# The second part of the if checks to see if the line starts with
# a pound sign; if so, ignore it (as a comment).
# Otherwise, run the appropriate command:
printf("Setting IP %-15s to hardware address %s\n", $host, $hw);
system "/usr/sbin/arp -s $host $hw\n";
# ./force_hw_addr.pl < ip_mac.conf
I hope that this script will help you access resources in
your network and prevent DoS/Man-in-Middle Attack.