"Corrected some English BUGS "
-y option corrected for the newer version of arpon
LOL
Sorry for the English
Hello! Today I'm going to teach you how to secure your Mint box on public and non-public Wi-Fi spots.
Let's go, then.
The first thing you need is a new Gmail account; I'll explain why later.
These are the apps you need to install in order to start your protection:
sendmail, arpon and arpwatch.
Make sure you have the above installed, and let's start configuring them.
The first thing we are going to configure is arpon.
Open a terminal and type in:
sudo gedit /etc/default/arpon
You will see a config file with some entries. I'm not going to post how they look, because we are going to change those settings; it isn't that hard. Below is what we need to change :]
Now pay attention: by default our APs (access points) have a dynamic "DHCP" server, so we will use the DARPI mode, as a daemon.
But make sure that where eth1 appears, you change it to the interface you are using over there, OK mate :]
I changed the color of the interface to make it easier to find, eh!
# For DARPI uncomment the following line
DAEMON_OPTS="-d -f /var/log/arpon/arpon.log -g -i eth1 -y 500"
# Modify to RUN="yes" when you are ready
RUN="yes"
OK, settings changed; save the file and close the editor.
The next step is to configure arpwatch.
At the beginning I said to get a new Gmail account; now I'll explain why, "in a few words".
Most email providers tend to block emails sent through a small machine with a host name like this:
my-computer.. But Gmail doesn't do that; instead it sends them to the spam folder, but you can set up a filter to avoid that, and you will get your ARP alerts in your inbox folder easily :]
OK, now the deal: open a terminal and type in:
sudo gedit /etc/default/arpwatch
and edit the file to look like this; this is just a small conf :]
# Debian: don't report bogons, don't use PROMISC.
ARGS="-N -p"
# Debian: run as `arpwatch' user. Empty this to run as root.
RUNAS="root"
No big deal either.
OK, now save the file and close the editor. Now let's edit arpwatch.conf.
Type in the terminal:
sudo gedit /etc/arpwatch.conf
These are the settings you have to put in; make sure you edit the options that are in red to match your needs, OK :]
Make sure you add the settings at the end of the file, eh!
eth1 -a -n 192.168.7.1/24 -m myemail@gmail.com
OK, now save the file and close the editor.
There's no need to edit sendmail; by default it works just great.
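As an added example (not part of the original tutorial, nor of arpon or arpwatch), this shell function checks the two files edited above before the services are started: RUN is "yes", -i and -y each carry an argument, and arpwatch.conf names the same interface with a -m address. The function names, messages and the script file name are made up for this example; it assumes the -y argument is a plain number such as the 500 used here and the one-line "interface options" layout shown above for /etc/arpwatch.conf.

```shell
#!/bin/sh
# Added example: pre-flight check for the two files edited in this tutorial.
# File paths are arguments, so the check can also be run on copies.

# Print the value of the last uncommented KEY="value" line in FILE.
conf_value() {  # conf_value KEY FILE
    sed -n "s/^$1=\"\(.*\)\"[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Print the word after FLAG; fail if it is missing or is another option.
opt_arg() {  # opt_arg FLAG WORD...
    flag=$1; shift
    while [ $# -gt 0 ]; do
        if [ "$1" = "$flag" ]; then
            case ${2:-} in ''|-*) return 1 ;; esac
            printf '%s\n' "$2"; return 0
        fi
        shift
    done
    return 1
}

# check_arp_setup ARPON_DEFAULTS ARPWATCH_CONF
# Prints one line per problem and returns 1 if any problem was found.
check_arp_setup() {
    bad=0
    [ "$(conf_value RUN "$1")" = "yes" ] || { echo 'arpon: RUN is not "yes"'; bad=1; }
    opts=$(conf_value DAEMON_OPTS "$1")
    # $opts and $line are left unquoted on purpose: split them into words.
    iface=$(opt_arg -i $opts) || { echo "arpon: -i has no interface"; bad=1; }
    timeout=$(opt_arg -y $opts) || timeout=
    case $timeout in
        ''|*[!0-9]*) echo "arpon: -y needs a number, e.g. -y 500"; bad=1 ;;
    esac
    # arpwatch.conf: use the last line that is neither blank nor a comment.
    line=$(grep -Ev '^[[:space:]]*(#|$)' "$2" | tail -n 1)
    set -- $line
    [ "${1:-}" = "$iface" ] || { echo "arpwatch: interface '${1:-}' is not arpon's '$iface'"; bad=1; }
    opt_arg -m "$@" >/dev/null || { echo "arpwatch: -m has no address"; bad=1; }
    return $bad
}

# Run as: sh check.sh /etc/default/arpon /etc/arpwatch.conf (check.sh is an example name)
if [ $# -eq 2 ]; then check_arp_setup "$1" "$2"; fi
```

No output and exit status 0 mean both files pass these checks.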
Now here is the last part, and only if you want to test your new ARP protection.
First we need to start the services,
like this:
sudo service sendmail start
sudo service arpwatch start
sudo service arpon start
OK, now this is the test. To test the new tools you need to install
libnet-arp-perl.
Type in:
sudo apt-get install libnet-arp-perl
and get this testing tool from pastebin
"Note: don't bother with line 16, this was an ARP whoiser".
Save it as arptest.pl in your home folder.
Now open a terminal in your home folder and type in:
sudo perl arptest.pl
Note: you need to run it as root.
OK, now test it against your router AP and against your protected machine.
Below are some screenshots of how the tool works and what it looks like.
------------------------------------------------------------------------------------------------------------
[Screenshot] Unprotected machine: my router :]
[Screenshot] This is my machine, a protected one
[Screenshot] This is an example of how things look in Thunderbird
NOTE: the emails might take some time to reach your inbox, OK.
And that's it.
If for any reason you don't receive an email, make sure the services are started,
or check the mail.info logs to troubleshoot anything you need.
For anything else just PM me :]
Have fun.
pintas, as for both connections, I never tried it out,
so I can say for sure it will work but you can try.
As for the -y option, that's for the cache refresh.
Put it like this:
# For DARPI uncomment the following line
DAEMON_OPTS="-d -f /var/log/arpon/arpon.log -g -i eth1 -y 500"
That option is only required on arpon version 2.0 or higher.
I wrote this tuto when I was using arpon 1.9, and by default the -y would assume a refresh time of 500.
:]
Nice and easy tutorial. ;)
You know if I can configure /etc/default/arpon to work with both ethernet and wireless devices? If so, is there any need to set up arpon for ethernet?
Oh, by the way, the option '-y' in 'DAEMON_OPTS="-d -f /var/log/arpon/arpon.log -g -i eth1 -y"' requires an argument. (I just disabled it.)
I get this if I don't disable it:
sudo service arpon start
Starting anti ARP poisoning daemon : arpon
/usr/sbin/arpon: option requires an argument -- 'y'
failed!