Arpwatch

Post by Steve Ledfor » Sun, 29 Aug 1999 04:00:00



I have some questions about the operation of arpwatch. I originally
installed the package since I thought it would mail me when my dhcp ip
from my cable modem changed. However, when I look in the logs,
/var/log/messages, I see all kinds of arpwatch logs that are not
registering email.

arpwatch bogon some.ip.from.net

First, what is this bogon stuff? And the other is I have a whole bunch
of IP addresses in the log, is this because arpwatch is watching ip
traffic whether it hits the machine or is this a sign of port scans and
hack attempts?

TIA

 
 
 

Post by DanH » Sun, 29 Aug 1999 04:00:00



> I have some questions about the operation of arpwatch. I originally
> installed the package since I thought it would mail me when my dhcp ip
> from my cable modem changed. However, when I look in the logs,
> /var/log/messages, I see all kinds of arpwatch logs that are not
> registering email.

> arpwatch bogon some.ip.from.net

> First, what is this bogon stuff? And the other is I have a whole bunch
> of IP addresses in the log, is this because arpwatch is watching ip
> traffic whether it hits the machine or is this a sign of port scans and
> hack attempts?

> TIA

arpwatch will register an IP whether it's going to the machine running
it or not.  Basically ignore (for the sake of security) arpwatch other
than having a good record of who's sending traffic along the pipe that
the box is connected to.

If you want to see who's hitting your box (legit or otherwise) get
iplog.  It's on linuxberg.  That will only log if the traffic is towards
your box.

Dan
--
UNIX - Not just for vestal *s anymore
Linux - Choice of a GNU generation
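
Added example, not code from either poster or from the arpwatch project: a small triage script for the arpwatch lines in /var/log/messages that separates the events arpwatch mails a report for from those it only writes to syslog. Per the arpwatch man page, "bogon" means the source IP address of the ARP packet is not local to the subnet arpwatch is listening on, and it is one of the syslog-only events. The log line layout, the function name `triage` and the sample addresses are assumptions made for the example.

```python
import re
from collections import Counter

# Per the arpwatch man page, these events produce an e-mail report...
MAILED = {"new activity", "new station", "flip flop", "changed ethernet address"}
# ...and these are written to syslog only (no mail is sent for them).
SYSLOG_ONLY = {"bogon", "ethernet broadcast", "ip broadcast", "ethernet mismatch",
               "reused old ethernet address", "suppressed DECnet flip flop"}

# Assumed line layout: "<timestamp> <host> arpwatch[pid]: <event> <ip> <mac> (<old mac>)"
LINE_RE = re.compile(
    r"arpwatch(?:\[\d+\])?: (?P<event>"
    + "|".join(re.escape(e) for e in sorted(MAILED | SYSLOG_ONLY))
    + r") (?P<ip>\S+) (?P<mac>\S+)(?: \((?P<old_mac>\S+)\))?")

# Constructed sample log (documentation and private address ranges, made-up MACs).
SAMPLE_LOG = """\
Aug 28 10:01:02 gw arpwatch: new station 192.168.1.10 0:a0:c9:11:22:33
Aug 28 10:01:05 gw arpwatch: bogon 203.0.113.7 0:10:4b:aa:bb:cc
Aug 28 10:02:11 gw arpwatch: bogon 203.0.113.7 0:10:4b:aa:bb:cc
Aug 28 10:03:40 gw arpwatch: bogon 198.51.100.23 0:60:8:dd:ee:ff
Aug 28 10:05:00 gw arpwatch: changed ethernet address 192.168.1.10 0:a0:c9:99:88:77 (0:a0:c9:11:22:33)
Aug 28 10:06:00 gw kernel: eth0: link up
"""

def triage(log_text):
    """Return (count per event, sightings per bogon (ip, mac), mail-worthy events)."""
    counts, bogons, mailed = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not an arpwatch event line
        counts[m["event"]] += 1
        if m["event"] == "bogon":
            bogons[(m["ip"], m["mac"])] += 1
        elif m["event"] in MAILED:
            mailed.append((m["event"], m["ip"], m["mac"], m["old_mac"]))
    return counts, bogons, mailed

if __name__ == "__main__":
    counts, bogons, mailed = triage(SAMPLE_LOG)
    for event, n in counts.most_common():
        print(f"{n:3d}  {event:26s} {'mailed' if event in MAILED else 'syslog only'}")
    for (ip, mac), n in bogons.most_common():
        print(f"bogon source {ip} from {mac}: seen {n}x")
    for event, ip, mac, old in mailed:
        print(f"review: {event} {ip} {mac}" + (f" (was {old})" if old else ""))
```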

 
 
 

1. temporarily blocking an IP: dhcp users & arpwatch

ok guys the windoze crew is saying that this radius (??) software can
do the job and maintain a hash of ip and ethernet addresses, serving
only those dhcp client requests from the correct ethernet address.

i can't imagine we in the Unix world don't have a clean solution
outside of hacking the damn dhcpd daemon itself to maintain that hash
and only serve "authorized" ethernet addresses the "authorized" ip
address.

anyone have any comments/suggestions

and someone said Linux has radius True [] False []
so what
anyway i don't like the sound of this crap.
