savannah

ipsentinel

This program tries to prevent unauthorized usage of IPs within the local ethernet broadcastdomain by giving an answer to ARP-requests. After receiving such a faked reply, the requesting party stores the told MAC in its ARP-table and will send future packets to this MAC. Because this MAC is invalid, the host with the invalid IP can not be reached.

Features

News

29 Mar 2005
Version 0.12 (162KiB) released [SIG]
This version adds an "--action" option to execute a program when a disallowed ARP packet was detected. Sorting of IP addresses happens now in an endian neutral manner and support for the old, deprecated logging format was physically removed from the source. Beginning with this version, ip-sentinel will be hosted at Savannah.
16 Dec 2004
Version 0.11 (149KiB) released [SIG]
This version makes it possible to block hosts with a certain MAC address regardless of their IP. The syntax "*@<mac>" is used for this feature which helps e.g. to isolate hosts infected by worms or viruses.
The default options were changed to "--poision --mac 802.3x --direction BOTH" as already announced in earlier versions.
17 Jun 2004
Version 0.10 (128KiB) released [SIG]
Code cleanups are the main change in this version. Compilation issues with dietlibc 0.26 were fixed also and the tai64n format is used for timestamps now.
16 Dec 2003
Version 0.9 (121KiB) released
This release fixes the handling of MAC-annotated IPs when there exists a more general rule. It provides workarounds for gcc and dietlibc bugs also, and the behavior on duplicate networks with MAC-annotation is now predictable so that e.g. MAC-pools for networks can be configured.
31 Oct 2003
Version 0.8 (117KiB) released
This version fixes a bug of the FROM-mode in combination with 0.0.0.0 IPs which are used e.g. by DHCP or DAD. It is allowed now, to specify MACs of source-addresses, and to poison an intruders IP when he has sent a request. In combination with MAC-tagged IP addresses, the correct MAC can be propagated when an intruder uses the IP of temporarily turned off machines. Some other parts of the code were made more RFC826 compliant also.
09 Sep 2003
Version 0.7 (110KiB) released
This version uses an internal sheduler instead of fork() to send delayed ARP-replies. A new operation-mode was added also which answers requests coming from intruders and it is possible now, to specify the default MAC-address.
06 Aug 2003
Version 0.6 (99KiB) released
This version allows to specify address-ranges and ships with improved init-scripts.
15 Jul 2003
Version 0.5 (96KiB) released
ip-sentinel was fixed to listen only on the interface specified on the command-line. Previous versions listened on all interfaces of the hosts.
27 May 2003
Version 0.4 (95KiB) released
This version allows to specify a MAC address for networks and has an enhanced logging. Some parameters were adjusted and smaller build-problems were solved.
27 Nov 2002
Version 0.3 (93KiB) released
Signal handling with dietlibc, and a typo which caused excessive memory consumption were fixed. Parameters of certain mechanisms were documented and placed into a central header-file. Testsuite does not rely on a specific bsort() implementation anymore.
22 Nov 2002
Version 0.2 (92KiB) released
Documentation was added and minor build-issues were fixed in this version.
16 Nov 2002
Version 0.1 (88KiB) released

Downloads

Latest sources and their GPG signatures can be found here. Filenames which are having the format ip-sentinel-X.Y.tar.bz2 are official releases; such with a triple version like X.Y.Z are inofficial snapshots. A short description and further information are given in README; user visible changes in NEWS

Binary packages are not provided but can be built with the usual

./configure && make && su -c make install

Please look at the output of ./configure --help for further options. When using older versions of dietlibc, you will have to use '--disable-dietlibc'. RPMs can be created by executing

rpmbuild -tb ip-sentinel-<version>.tar.bz2

Enrico Scholz
Last modified: Wed Mar 30 00:10:16 CEST 2005
Valid HTML 4.01! Valid CSS!