[Tool] Detectez les attaques Man in the Middle !

http://blog.madpowah.org/archives/2010/03/index.html#e2010-03-07T23_51_25.txt

아래 코드는 위 링크를 긁어온 것입니다.
공부하는데 이러한 생각을 길러야되는데.. 미처 이런 부분은 생각도 못하고 있었네요..

#!/usr/local/bin/bash

echo ">> ARP Poisoning Guardian by cloud"

echo ">> website : http://blog.madpowah.org"

echo "-----"

help() {

	echo "Usage: ./arprotec.sh -ip <ip_gateway>"

	exit

}

if [ $# -lt 2 ]

then

	help

	exit

fi

	

if [ "-ip" = $1 ]

then

	ip_gw=$2

else

	help

	exit

fi

arp -a > arpfile

while read line_arp

do

	ip=`echo $line_arp | cut -d ' ' -f2 | cut -d '(' -f2 | cut -d ')' -f1`

	

	if [ $ip = $ip_gw ]

	then

		mac_gw=`echo $line_arp | cut -d ' ' -f4`

	fi

done < arpfile

echo ">> IP :" $ip_gw "MAC :" $mac_gw

echo ">> Now starting..."

echo ">>"

attack=0

while [ 42 -eq 42 ]

do

	arp -a > arpfile

	while read line_arp

	do

		ip=`echo $line_arp | cut -d ' ' -f2 | cut -d '(' -f2 | cut -d ')' -f1`

	

		if [ $ip = $ip_gw ]

		then

			mac_gw_new=`echo $line_arp | cut -d ' ' -f4`

			if [ $mac_gw_new != $mac_gw ]

			then

				if [ $attack -ne 1 ]

				then

					heure=`date | cut -d ' ' -f5`

					echo ">>" $heure "/!\ ARP Poisoning detected !!!"

					echo ">>" $heure "MAC Attacker: " $mac_gw_new

					echo ">>" $heure "You should add a static arp entry typing: arp -s" $ip_gw $mac_gw

					echo ">>"

					attack=1

				fi

			else

				if [ $attack -ne 0 ]

				then

					heure=`date | cut -d ' ' -f5`

					echo ">>" $heure "Attack seems stopped ..."

					echo ">>"

					attack=0

				fi

			fi

		fi

	done < arpfile

	rm arpfile

	sleep 5

done

[cloud@r00t ~]$ ./arprotec.sh -ip 192.168.0.254
>> ARP Poisoning Guardian by cloud
>> website : http://blog.madpowah.org
-----
>> IP : 192.168.0.254 MAC : 00:07:ca:3c:8e:d8
>> Now starting...
>>
>> 23:23:15 /!\ ARP Poisoning detected !!!
>> 23:23:15 MAC Attacker:  00:1c:f0:9e:3f:4a
>> 23:23:15 You should add a static arp entry typing: arp -s 192.168.0.254 00:07:ca:3c:8e:d8
>>
>> 23:25:09 Attack seems stopped ...