[ubuntu-hardened] ArpON 2.7 and a bug with the DARPI setting?

Daniel Curtis sidetripping at gmail.com
Sun Sep 6 19:41:55 UTC 2015


Hello,

ArpON is a portable handler daemon that make Arp secure in
order to avoid Arp Spoofing/Poisoning and so on. That's why
I decided to write here.

Because on Ubuntu 12.04 LTS an ArpON package is pretty
outdated (ver. 2.0) I've decided to use Vivid version, which
is the latest - 2.7. By the way, thanks to finally update this
package.

I'm writing because I've noticed some problems during
configuration. Since I am using DHCP method to obtain an
IP address I've to use a DARPI method (Dynamin Arp Inspect.)
instead of SARPI (Static Arp Inspect) etc. By the way; I've noticed
some changes in ArpON log files entries.

So, after installation via apt-get utility, configuring arpon file
from /etc/default/ directory and uncommnet line responsible for
DARPI method, ArpON failed to start with a following error:

$ sudo /etc/init.d/arpon start
* Starting anti ARP poisoning daemon arpon
20:38:55 PID = </var/run/arpon.pid>

/usr/bin/arpon: invalid  option -- 'd'
[fail]

For DARPI a line in the /etc/default/arpon file looks this way:
DAEMON_OPTS=-q -f /var/log/arpon/arpon.log -g -d"

According to the Ubuntu manpage[1] '-g' flag stands for "Works
in logging mode", since '-d' flag means "Manages Arp Cache
dynamically". So, everything should work okay, right? But it
does not. I've tried many possibilities, configurations etc.

And it seems that a new ArpON version: 2.7 requires a '-D' flag
instead '-d'. So, now there must be the '-D' flag not '-d'. After
this small change everything started to work okay:

$ sudo /etc/init.d/arpon start
* Starting anti ARP poisoning daemon arpon
20:43:32 PID = </var/run/arpon.pid>
[OK]

One more checking, to be one hundred percent sure:

$ sudo /etc/init.d/arpon status
* Checking status of anti ARP poisoning daemon arpon     [OK]

As already mentioned, also log files seems to change. I mean,
for example, a format etc.[2]:

21:16:45 ARP cache, ACCEPT
     src HW = <1:1:1:1:1:1>
     src IP = <192.168.1.1>

I hope, that everything is okay and above changes are normal.
Could someone confirm this? I mean a log file format etc. :- )
And of course check if it is really a bug. Thanks.

At least it seems there is a small bug in a latest ArpON release.
I don't know where to report it (perhaps authors or Ubuntu
launchpad?) and I don't know if I even should do it...

Best regards.
_____________
[1] http://manpages.ubuntu.com/manpages/trusty/man8/arpon.8.html
[2]
http://redes-privadas-virtuales.blogspot.com/2012/01/shutting-out-arp-poisoning-and-spoofing.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20150906/cc771cc2/attachment.html>


More information about the ubuntu-hardened mailing list