Prevent Man-In-The-Middle Attacks, ARP spoofing using shARP

Prevent ARP spoofing using shARP

ARP spoofing is a type of MiTM (man-in-the-middle) attack. It may allow an attacker to intercept data frames on a network, modify the traffic, and stop traffic from reaching the router or gateway. The attack is often used as an opening for other attacks, such as denial of service and session hijacking, and for other malicious activities such as using the target's router as a C&C server for botnets to launch other potentially dangerous attacks on a wider scale. ARP spoofing, also called ARP cache poisoning or ARP poison routing, is a hacking technique in which the attacker sends spoofed Address Resolution Protocol (ARP) messages onto a local area network. The main aim of ARP spoofing is to associate the attacker's MAC address with the IP address of another host on the target network, such as the router or default gateway. This causes traffic meant for the router or default gateway IP address to be sent to the attacker instead. Essentially, ARP spoofing mimics the default gateway, such as a router, and tricks other hosts on the same network into sending their data to the attacker's machine instead.

Today I will be showing you how to prevent ARP spoofing, which will in turn help us prevent attacks such as MiTM (man-in-the-middle) attacks. We will be using a bash script called shARP, an anti-ARP-spoofing application that uses an active scanning method to detect and remove any ARP spoofer from the network.

shARP Description

ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man-in-the-middle, or session hijacking attacks. This anti-ARP-spoofing program (shARP) actively detects the presence of a third party in a private network. It has 2 modes: defensive and offensive.

Defensive mode protects the end user from the spoofer by disconnecting the user’s system from the network and alerts the user with an audio message as soon as spoofing is detected.

Offensive mode disconnects the user’s system from the network and further kicks out the attacker by sending de-authentication packets to his system, and doesn’t allow him to reconnect to the network until the program is manually reset.

Now that we know what shARP does, we can use it to protect our systems from ARP spoofing.

First we need to download shARP. In a new terminal, use the following command to download shARP.

git clone https://github.com/europa502/shARP.git

Now that shARP is downloaded, the next thing we need to do is make the bash script executable using chmod.

First, navigate to the download directory for shARP.

cd shARP

Next, enter the command below; this will make the bash script executable.

chmod +x shARP.sh


Now we can run shARP using one of the following commands.

bash ./shARP.sh -r [interface]
to reset the network card and driver.

bash ./shARP.sh -d [interface]
to activate the program in defense mode.

bash ./shARP.sh -o [interface]
to activate the program in offense mode.

bash ./shARP.sh -h
for help.

shARP creates a log file (/usr/shARP/) that contains details of the attacker, such as the attacker's MAC address, the MAC vendor, and the time and date that the attack occurred. shARP can also identify the NIC of the attacker's system with the help of the obtained MAC address.

If you want audio alerts in shARP, install espeak; otherwise you can comment out the relevant lines in the script's source code.

apt-get install espeak

If you enjoyed this tool, please consider leaving the author a star on GitHub.

shARP Git Repo