|
|
Sponsored Content
Operating Systems
AIX
POWER HA 5.5 & Service IP / disk heart beat
Post 302410273 by ross.mather on Monday 5th of April 2010 01:34:39 PM
04-05-2010
|
|
7 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi gurus of Unix, I am newby in Unix, I need to Know the following.
How I know if SSH & Telnet service is UP in Solaris?
Please I appreciate your answer
Regard
Andres (2 Replies)
Discussion started by: andresguillen
2 Replies
2. Infrastructure Monitoring
I'm trying to register & start a service using SMF on Solaris 10. It's nsca, part of the Nagios monitoring system. I've got nsca running fine as a detached process, and can manually create passive checks via send_nsca. But when I try to run nsca as a daemon, I need some advice.
The nsca... (0 Replies)
Discussion started by: lyle
0 Replies
3. What is on Your Mind?
Since i was planning to buy a laptop i was just wondering how Problematic these brands products are and how is the after sales service & warranty issues in India(Delhi). (1 Reply)
Discussion started by: Leyvanom
1 Replies
4. AIX
hi guys,
I don't like the new concept of the power ha 7 cluster with the repository disk and the internal solidb, I really would like to mirror this disk, but the "IBM PowerHA SystemMirror 7.1 for AIX" redbook says, normal lvm operations should not be performed on this disk.
even mirroring the... (0 Replies)
Discussion started by: funksen
0 Replies
5. What is on Your Mind?
I just had this idea of using Android (a linux derivative) to monitor heart rates of patients with a history of cardiac problems. There are plenty apps around that monitor heart rates, but none for people that require medical attention when their heart rate drops below a certain level for more... (0 Replies)
Discussion started by: figaro
0 Replies
6. UNIX for Advanced & Expert Users
The disk drive for /tmp is not ready yet or not present && the disk drive for /boot is not ready yet
Hi Team
when I boot the server I get this 2 errors :
the disk drive for /tmp is not ready yet or not present
the disk drive for /boot is not ready yet or not present
and its stay like that , I m using Ubuntu 12.04
please if someone have any idea how to fix that problem . (1 Reply)
Discussion started by: SULTAN01
1 Replies
7. AIX
Hello,
I would like to check how many SAS disks and its size per disk for the whole power system. As per my understanding, if we assign the SAS controller to LPAR, then we can see the disk in lpar smitty command.
How can we check from the Power machine(physical ones) as well? I think the... (5 Replies)
Discussion started by: Phat
5 Replies
LEARN ABOUT DEBIAN
arpon
arpon(8) System Manager's Manual arpon(8) NAME
arpon - Arp handler inspectiON SYNOPSIS
arpon [ -npqfgiolcxsydevh ] [ -n Nice value ] [ -p Pid file ] [ -f Log file ] [ -i Iface ] [ -c Cache file ] [ -x Timeout ] [ -y Timeout ] DESCRIPTION
ArpON (Arp handler inspectiON) is a portable handler daemon that make Arp secure in order to avoid Arp Spoofing/Poisoning & co. This is possible using two kinds of anti Arp Poisoning tecniques, the first is based on SARPI or "Static Arp Inspection", the second on DARPI or "Dynamic Arp Inspection" approach. SARPI and DARPI protect both bidirectional and distributed attacks. In "Bidirectional protection" is required that ArpON is installed and running on two nodes of the connection attached. In "Distributed protection" is required that ArpON is installed and running on all nodes of the connections attacked. All other nodes whitout ArpON will not be protected from attack. Keep in mind other common tools fighting ARP poisoning usually limit their activity only to point out the problem instead of blocking it, ArpON does it using SARPI and DARPI policies. Finally you can use ArpON to pentest some switched/hubbed LAN with/without DHCP protocol, in fact you can disable the daemon in order to use the tools to poison the ARP Cache. Remember it doesn't affect the communication efficiency of the ARP protocol! OPTIONS
TASK MODE -n (--nice) <Nice Value> Sets PID's CPU priority (Default: 0 nice). -p (--pid-file) <Pid file> Sets the pid file (Default /var/run/arpon.pid). -q (--quiet) Works in background task. LOG MODE -f (--log-file) <Log file> Sets the log file (Default: /var/log/arpon.log). -g (--log) Works in logging mode. DEVICE MANAGER ArpON is an ARP handler and it is able to handle network devices automatically (default) or manually, to print a list of up network inter- faces of the system. It identifies the interface's datalink layer you are using but it supports only Ethernet/Wireless as datalink. It sets the netowrk inter- face and check running, online ready and it deletes the PROMISCUE flag. The online ready checks unplug (virtual and physical), boot, hiber- nation and suspension OS' features for Ethernet/Wireless card. It handles these features and reset the network interface automatically when it will ready. -i (--iface) <Iface> Sets your Ethernet device manually. -o (--iface-auto) Sets Ethernet device automatically. -l (--iface-list) Prints all Ethernet devices. STATIC ARP INSPECTION When SARPI starts, it saves statically all the ARP entries it finds in the ARP cache in a static cache called SARPI Cache. Note that you must manage the ARP through the SARPI cache from file feature of ArpON. After the startup, ArpON operations are split in two parallel tasks: - It automatically updates the ARP cache each time the timeout expires; timeout is simply the expire time of each entry in the ARP cache, defined according to the policy set in the running kernel. Timeout is set by default to 10 minutes, but you can override this value. - It applies policies to the ARP cache, according to the following three schemes: 1) For each received ARP reply, ArpON checks whether source addresses match an entry in the SARPI cache. In such case, the new entry will overwrite the old one, previously saved in the static cache. Here, ArpON will defend and block ARP Poisoning/Spoofing attacks. 2) For each received ARP request, ArpON checks wheter the source addresses match an entry in the SARPI cache. In such case, the new entry will overwrite the old one, previously saved in the static cache. Here, ArpON will defend and block ARP Poisoning/Spoofing attacks. 3) Every ARP request/reply whose source address doesn't match an entry in the SARPI cache are just ignored. Both these operations are a countermeasure against ARP Poisoning/Spoofing attacks, as SARPI detects and blocks them. SARPI doesn't affect the communication efficiency of the ARP protocol. SARPI just manages a list with static entries, making it an optimal choice in those net- works without DHCP. Finally, it's possible to use SARPI as a daemon, using the "TASK MODE" and "LOG MODE" feature of ArpON. It supports daemon exit by SIGINT, SIGTERM, SIGQUIT and daemon reboot by SIGHUP and SIGCONT POSIX signals. -c (--sarpi-cache) <Cache file> Sets Arp Cache entries from file (Default: /etc/arpon.sarpi). -x (--sarpi-timeout) <Timeout> Sets Arp Cache refresh timeout (Default: 10 minuts). -s (--sarpi) Manages Arp Cache statically. DYNAMIC ARP INSPECTION DARPI startup phase consists in cleaning up the ARP cache, deleting all of its entries. This is due because ARP cache may have poisoned entries from the beginning. DARPI handles the so called DARPI cache, applying different policies to different kinds of packets: - ARP request: It traces ARP requests and follows these rules if traffic is: 1) Outbound: Packets are generated by us. ArpON let them pass, adding an entry with the target to the DARPI cache (see ARP reply - Inbound). On this DARPI cache entry, DARPI sets timeout because if this entry doesn't exist in network, DARPI must to delete it. 2) Inbound: Packets come to us from the network. ArpON refuses the packet, deleting the entry of the source address from the ARP cache, because such packet may be poisoned. Afterwards, the kernel will send an ARP request to the source address, and it will be managed by ArpON through DARPI. Here, ArpON will defend and block ARP Poisoning/Spoofing attacks through the ARP requests. - ARP reply: It traces the ARP replies, and follows these rules if traffic is: 1) Outbound: Packets are generated by us. ArpON just lets them pass. 2) Inbound: Packets come to us from the network. ArpON checks whether the source address matches an entry in the DARPI cache (see ARP request - Outbound), it lets the packet flow, adding an entry in the ARP cache. Otherwise, if the source address doesn't match any entry in the DARPI cache, ArpON refuses the packet, deleting the entry from the ARP cache. Here ArpON defends and blocks ARP Poisoning/Spoofing attacks through the ARP replies. Both types of packets are used to perform ARP Poisoning/Spoofing attacks, as DARPI detects and blocks them. DARPI doesn't affect the commu- nication efficiency of the ARP protocol. DARPI manages uniquely a list with dynamic entries. Therefore it's an optimal solution in networks having DHCP. Finally, it's possible to use DARPI as a daemon, using the "TASK MODE" and "LOG MODE" feature of ArpON. It supports daemon exit by SIGINT, SIGTERM, SIGQUIT and daemon reboot by SIGHUP and SIGCONT POSIX signals. -y (--darpi-timeout) <Timeout> Sets DARPI Cache entry timeout (Default: 500 milliseconds). -d (--darpi) Manages Arp Cache dynamically. MISC FEATURES Other. -e (--license) Prints license page. -v (--version) Prints version number. -h (--help) Prints help summary page. EXAMPLES
- Static ARP Inspection: Example of /etc/arpon.sarpi: # Example of arpon.sarpi # 192.168.1.1 0:25:53:29:f6:69 172.16.159.1 0:50:56:c0:0:8 # With 1 minut of timeout for arp cache refresh: # root:ArpON-2.0 $ ./arpon -i en1 -x 1 -s ArpON "Arp handler inspectiON" 2.0 (http://arpon.sourceforge.net) 12:55:03 - Wait link connection on en1... 12:55:12 - SARPI on dev(en1) inet(192.168.1.4) hw(0:23:6c:7f:28:e7) 12:55:12 - Arp Cache restore from /etc/arpon.sarpi... 12:55:12 - Protects these Arp Cache's entries: 12:55:12 - 1) 192.168.1.1 -> 0:25:53:29:f6:69 12:55:12 - 2) 172.16.159.1 -> 0:50:56:c0:0:8 12:55:12 - Arp Cache refresh timeout: 1 minut. 12:55:12 - Realtime Protect actived! 12:55:22 - Request << Refresh entry 192.168.1.1 -> 0:25:53:29:f6:69 12:55:22 - Reply >> Send to 192.168.1.1 -> 0:25:53:29:f6:69 12:55:39 - Request >> Send to 192.168.1.1 -> 0:0:0:0:0:0 12:55:39 - Reply << Refresh entry 192.168.1.1 -> 0:25:53:29:f6:69 12:56:03 - Request << Ignore entry 192.168.1.93 -> 0:23:6c:7f:28:e7 12:56:03 - Reply >> Send to 192.168.1.93 -> 0:c:29:3:e5:98 12:56:12 - Refresh these Arp Cache entries: 12:56:12 - 1) 192.168.1.1 -> 0:25:53:29:f6:69 12:56:12 - 2) 172.16.159.1 -> 0:50:56:c0:0:8 ... - Dynamic ARP Inspection: # root:ArpON-2.0 $ ./arpon -i en1 -d ArpON "Arp handler inspectiON" 2.0 (http://arpon.sourceforge.net) 14:11:32 - Wait link connection on en1... 14:11:41 - DARPI on dev(en1) inet(192.168.1.4) hw(0:23:6c:7f:28:e7) 14:11:41 - Deletes these Arp Cache entries: 14:11:41 - 1) 192.168.1.1 -> 0:25:53:29:f6:69 14:11:41 - Cache entry timeout: 500 milliseconds. 14:11:41 - Realtime Protect actived! 14:11:41 - Request << Delete entry 192.168.1.1 -> 0:25:53:29:f6:69 14:11:41 - Reply >> Send to 192.168.1.1 -> 0:25:53:29:f6:69 14:11:41 - Request >> Add entry 192.168.1.1 14:11:41 - Reply << Refresh entry 192.168.1.1 -> 0:25:53:29:f6:69 14:11:49 - Request >> Add entry 192.168.1.5 14:11:49 - Reply << Delete timeout entry 192.168.1.5 14:12:04 - Request >> Add entry 192.168.1.1 14:12:04 - Reply << Refresh entry 192.168.1.1 -> 0:25:53:29:f6:69 ... AUTHOR
ArpON was writen by: Andrea Di Pasquale <spikey.it@gmail.com> The current version is available via http: http://arpon.sourceforge.net BUGS
Please send problems, bugs, questions, desirable enhancements, patch, source code contributions, etc. to: spikey.it@gmail.com 04 April 2010 arpon(8)