Results 1 to 2 of 2

Thread: rilevare arp poisoning su wlan

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    10

    Default rilevare arp poisoning su wlan

    sto testando arpwatch per rilevare arp-poisoning su una Wireless lan.

    ho incontrato alcuni problemi ai quali non riesco a venire a capo un pò perchè sono scarso è un pò perche proprio non trovo nessun aiuto in giro.

    ho installato arpwatch senza problemi

    la mia lan è sulla 192.168.3.xx e ho configurato il .conf così:

    Code:
    # /etc/arpwatch.conf: Debian-specific way to watch multiple interfaces.
    # Format of this configuration file is:
    #
    #<dev1> <arpwatch options for dev1>
    #<dev2> <arpwatch options for dev2>
    #...
    #<devN> <arpwatch options for devN>
    #
    # You can set global options for all interfaces by editing
    # /etc/default/arpwatch
    
    #eth0   -m root+eth0
    #eth1   -m root+eth1
    
    wlan0 -a -n 192.168.3.0/24 -m mioindirizzo@gmail.com
    guardando il syslog arpwatch sembra funzionare ma produce errori che non capisco:

    Code:
    root@bt:/etc# less /var/log/syslog |grep arpwatch
    Mar  5 09:24:48 bt arpwatch: bad interface eth0: eth0: no IPv4 address assigned - assuming unconfigured interface
    Mar  5 09:24:48 bt arpwatch: Running as uid=121 gid=130
    Mar  5 09:24:48 bt arpwatch: listening on eth0
    Mar  5 09:24:48 bt arpwatch: exiting
    Mar  5 10:06:22 bt arpwatch: bad interface wlan0: wlan0: no IPv4 address assigned - assuming unconfigured interface
    Mar  5 10:06:22 bt arpwatch: Running as uid=121 gid=130
    Mar  5 10:06:22 bt arpwatch: listening on wlan0
    Mar  5 10:09:43 bt arpwatch: new station 192.168.3.109 0:16:44:a8:65:e2 wlan0
    Mar  5 10:09:43 bt arpwatch: new station 192.168.3.1 0:e:8e:b8:1f:49 wlan0
    Mar  5 10:10:43 bt sendmail[6025]: p259AhPR006025: from=arpwatch, size=311, class=0, nrcpts=1, msgid=<201103050910.p259AhPR006025@backtrack>, relay=arpwatch@localhost
    Mar  5 10:10:43 bt sendmail[6014]: p259AhlO006014: from=arpwatch, size=294, class=0, nrcpts=1, msgid=<201103050910.p259AhlO006014@backtrack>, relay=arpwatch@localhost
    Mar  5 10:10:43 bt sendmail[6025]: p259AhPR006025: to=root, ctladdr=arpwatch (121/130), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30311, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 10:10:43 bt sendmail[6014]: p259AhlO006014: to=root, ctladdr=arpwatch (121/130), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30294, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 10:13:12 bt arpwatch: new station 192.168.3.91 0:19:d2:53:84:ed wlan0
    Mar  5 10:14:12 bt sendmail[6301]: p259ECYL006301: from=arpwatch, size=293, class=0, nrcpts=1, msgid=<201103050914.p259ECYL006301@backtrack>, relay=arpwatch@localhost
    Mar  5 10:14:12 bt sendmail[6301]: p259ECYL006301: to=root, ctladdr=arpwatch (121/130), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30293, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 10:30:42 bt arpwatch: exiting
    Mar  5 10:31:37 bt arpwatch: bad interface wlan0: wlan0: no IPv4 address assigned - assuming unconfigured interface
    Mar  5 10:31:37 bt arpwatch: Running as uid=121 gid=130
    Mar  5 10:31:37 bt arpwatch: listening on wlan0
    Mar  5 10:31:51 bt arpwatch: exiting
    Mar  5 10:58:08 bt arpwatch: bad interface wlan0: wlan0: no IPv4 address assigned - assuming unconfigured interface
    Mar  5 10:58:08 bt arpwatch: Running as uid=121 gid=130
    Mar  5 10:58:08 bt arpwatch: listening on wlan0
    Mar  5 10:59:56 bt arpwatch: bad interface eth0: eth0: no IPv4 address assigned - assuming unconfigured interface
    Mar  5 10:59:56 bt arpwatch: listening on eth0
    Mar  5 11:02:00 bt arpwatch: new station 192.168.3.79 0:11:95:7f:e7:c9 wlan0
    Mar  5 11:02:08 bt arpwatch: new station 192.168.3.96 0:14:a4:9:6b:f6 wlan0
    Mar  5 11:03:00 bt sendmail[6115]: p25A30gj006115: from=arpwatch, size=303, class=0, nrcpts=1, msgid=<201103051003.p25A30gj006115@backtrack>, relay=arpwatch@localhost
    Mar  5 11:03:00 bt sendmail[6115]: p25A30gj006115: to=root, ctladdr=arpwatch (121/130), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30303, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 11:03:08 bt sendmail[6141]: p25A38D1006141: from=arpwatch, size=292, class=0, nrcpts=1, msgid=<201103051003.p25A38D1006141@backtrack>, relay=arpwatch@localhost
    Mar  5 11:03:08 bt sendmail[6141]: p25A38D1006141: to=root, ctladdr=arpwatch (121/130), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 11:27:14 bt arpwatch: bad interface eth0: eth0: no IPv4 address assigned - assuming unconfigured interface
    Mar  5 11:27:14 bt arpwatch: listening on eth0
    Mar  5 11:39:56 bt sm-msp-queue[9108]: p25A38D1006141: to=root, ctladdr=arpwatch (121/130), delay=00:36:48, xdelay=00:00:00, mailer=relay, pri=120292, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 11:39:56 bt sm-msp-queue[9108]: p259ECYL006301: to=root, ctladdr=arpwatch (121/130), delay=01:25:44, xdelay=00:00:00, mailer=relay, pri=120293, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 11:39:56 bt sm-msp-queue[9108]: p259AhlO006014: to=root, ctladdr=arpwatch (121/130), delay=01:29:13, xdelay=00:00:00, mailer=relay, pri=120294, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 11:39:56 bt sm-msp-queue[9108]: p25A30gj006115: to=root, ctladdr=arpwatch (121/130), delay=00:36:56, xdelay=00:00:00, mailer=relay, pri=120303, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 11:39:56 bt sm-msp-queue[9108]: p259AhPR006025: to=root, ctladdr=arpwatch (121/130), delay=01:29:13, xdelay=00:00:00, mailer=relay, pri=120311, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
    Mar  5 11:57:44 bt arpwatch: new station 192.168.3.100 0:c0:ca:39:d1:f0 wlan0
    Mar  5 11:58:44 bt sendmail[10062]: p25Awi4F010062: from=arpwatch, size=295, class=0, nrcpts=1, msgid=<201103051058.p25Awi4F010062@backtrack>, relay=arpwatch@localhost
    Mar  5 11:58:44 bt sm-mta[10117]: p25Awi8a010117: from=<arpwatch@backtrack>, size=537, class=0, nrcpts=1, msgid=<201103051058.p25Awi4F010062@backtrack>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
    Mar  5 11:58:44 bt sendmail[10062]: p25Awi4F010062: to=root, ctladdr=arpwatch (121/130), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30295, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (p25Awi8a010117 Message accepted for delivery)
    Mar  5 11:58:45 bt sm-mta[10118]: p25Awi8a010117: to=<root@backtrack>, ctladdr=<arpwatch@backtrack> (121/130), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30741, dsn=2.0.0, stat=Sent
    inoltre, di mail neanche un ombra, perchè (e qui entra in gioco la mia scarsità) non ho idea di come si configuri sendmail su BT , anche cercando qui su sito e forum non mi pare ci sia una guida, utilizzando sendmailconfig si configura soltanto con il conf presente e non con l'opzione manuale.

    Qualche aiuto?

  2. #2
    Junior Member 0v3rl04d's Avatar
    Join Date
    Feb 2010
    Posts
    36

    Default Re: rilevare arp poisoning su wlan

    Ciao,

    premetto che non conosco arpwatch, ma visto che nessuno ti ha risposto proverò ad aiutarti ^^

    Dall'output sembra che non riconosca l'ip che gli hai assegnato nel conf file... non sono su backtrack, tu se riesci prova a controllare il man di arpwatch per vedere se i comandi che hai assegnato sono corretti...

    Fammi sapere.

    Ciau
    //Visit My Blog//

    #######################################
    #######################################
    #######################################
    #### http://hacksecurityblog.blogspot.com/ ####
    #######################################
    #######################################
    #######################################

Similar Threads

  1. Replies: 5
    Last Post: 08-27-2009, 04:30 AM
  2. Replies: 3
    Last Post: 07-09-2009, 12:29 PM
  3. ARP poisoning
    By Anthropamorphic_Skitzo in forum OLD Wireless
    Replies: 2
    Last Post: 04-05-2009, 09:23 AM
  4. Arp poisoning
    By icebreaker101010 in forum OLD Newbie Area
    Replies: 18
    Last Post: 10-14-2008, 06:18 PM
  5. arp poisoning lan/wlan with ettercap
    By ac251404 in forum OLD Newbie Area
    Replies: 1
    Last Post: 01-23-2008, 11:20 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •