
Detect ARP spoofing/poisoning

Open lctrcl opened this issue 9 years ago • 1 comments

Few different ideas/realizations:

lctrcl avatar May 03 '16 10:05 lctrcl

Awesome idea, thanks! Looks like we'd want to implement both the first link and the last one, since they alert about different things.

The first Python script alerts if your MAC is being spoofed on the local network so someone else receives your incoming traffic. The pastebin bash + growl script alerts if the gateway MAC is being spoofed so someone else is receiving all outgoing traffic.

Both would be incredibly valuable to have, although I'm not sure what the best way to implement this is, since both require running a whole bunch of commands on every poll cycle. I think the best way is to add a new generic source that is capable of running a shell script and yielding the output. Then we can bundle both these detectors into separate shell scripts that get run by the source, which passes it to the parsers then the alerters.

pirate avatar May 03 '16 18:05 pirate
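
The gateway-MAC check discussed in this thread, as an added example that is not code from security-growler or from the linked scripts: it parses ARP-cache text in the macOS `arp -an` format and flags a gateway entry that differs from a known-good MAC or shares its MAC with another host. The function names, addresses and sample output are constructed for illustration; the text would come from whatever source runs the command on each poll cycle.

```python
import re

# Constructed samples in the macOS `arp -an` output format (not real captures).
BASELINE = """\
? (192.168.1.1) at a4:b1:c2:d3:e4:f5 on en0 ifscope [ethernet]
? (192.168.1.23) at 0:1c:42:aa:bb:cc on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
"""
POISONED = """\
? (192.168.1.1) at 0:1c:42:aa:bb:cc on en0 ifscope [ethernet]
? (192.168.1.23) at 0:1c:42:aa:bb:cc on en0 ifscope [ethernet]
"""

ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+) on \S+")

def normalize_mac(mac):
    # macOS drops leading zeros ("0:1c:..."); pad each octet so comparisons are stable.
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; "(incomplete)" entries do not match."""
    table = {}
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if match:
            table[match.group(1)] = normalize_mac(match.group(2))
    return table

def check_gateway(table, gateway_ip, known_mac):
    """Return alert strings for signs that the gateway's ARP entry was replaced."""
    alerts = []
    mac = table.get(gateway_ip)
    if mac is None:
        return alerts  # gateway not in the cache yet: nothing to compare
    if mac != normalize_mac(known_mac):
        alerts.append("gateway %s MAC changed: %s -> %s"
                      % (gateway_ip, normalize_mac(known_mac), mac))
    # A host answering for the gateway usually also holds its own IP, so the
    # same MAC shows up twice. Proxy ARP or multi-homed routers can do this too.
    sharing = sorted(ip for ip, m in table.items() if m == mac and ip != gateway_ip)
    if sharing:
        alerts.append("gateway %s shares MAC %s with %s"
                      % (gateway_ip, mac, ", ".join(sharing)))
    return alerts

if __name__ == "__main__":
    for alert in check_gateway(parse_arp_table(POISONED), "192.168.1.1", "a4:b1:c2:d3:e4:f5"):
        print(alert)
```

The known-good gateway MAC has to be recorded while the network is trusted; a baseline taken during an active spoof would mark the spoofed entry as normal.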