Last active
September 26, 2015 23:25
ARP poisoning mitigation
```sh
#!/bin/sh

# Set the router IP and MAC addresses before running the script.
ROUTER_IP_ADDRESS=192.168.0.1
ROUTER_MAC_ADDRESS=10:FE:ED:4F:FD:3A

# Default policy: drop all ARP traffic in both directions.
arptables -P INPUT DROP
arptables -P OUTPUT DROP

# Only accept ARP traffic whose source IP and source MAC are the router's.
arptables -A INPUT -s "$ROUTER_IP_ADDRESS" --source-mac "$ROUTER_MAC_ADDRESS" -j ACCEPT

# Only send ARP traffic addressed to the router's IP and MAC.
arptables -A OUTPUT -d "$ROUTER_IP_ADDRESS" --destination-mac "$ROUTER_MAC_ADDRESS" -j ACCEPT

# Add a static entry into the ARP table to link the router to its own MAC.
arp -s "$ROUTER_IP_ADDRESS" "$ROUTER_MAC_ADDRESS"

exit 0
```
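A check that the static entry installed by the script is still in place, as an added example that is not part of the original gist. It assumes the iproute2 `ip neigh show` line format; the function name `check_router_entry`, the sample lines and the mismatching MAC `02:00:00:aa:bb:cc` are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the neighbour table against the pinned router MAC.
ROUTER_IP_ADDRESS=192.168.0.1
ROUTER_MAC_ADDRESS=10:FE:ED:4F:FD:3A

# check_router_entry IP MAC  (reads `ip neigh show`-style lines on stdin)
# Exit status:
#   0  IP maps to MAC and the entry is PERMANENT (static entry intact)
#   1  IP maps to a different MAC (entry overwritten or wrong pin)
#   2  MAC matches but the entry was learned dynamically (static entry lost)
#   3  no usable entry for IP
check_router_entry() {
    awk -v ip="$1" -v mac="$2" '
        BEGIN { rc = 3; mac = tolower(mac) }
        $1 == ip {
            seen = ""
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") seen = tolower($(i + 1))
            if (seen == "") next          # FAILED/INCOMPLETE lines have no lladdr
            if (seen != mac) { rc = 1; exit }
            if ($NF != "PERMANENT") rc = 2
            else if (rc == 3) rc = 0
        }
        END { exit rc }
    '
}

# Constructed sample neighbour tables (not captured from a real host).
SAMPLE_OK='192.168.0.1 dev eth0 lladdr 10:fe:ed:4f:fd:3a PERMANENT
192.168.0.23 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE'
SAMPLE_MISMATCH='192.168.0.1 dev eth0 lladdr 02:00:00:aa:bb:cc REACHABLE'
SAMPLE_LEARNED='192.168.0.1 dev eth0 lladdr 10:fe:ed:4f:fd:3a STALE'

for sample in "$SAMPLE_OK" "$SAMPLE_MISMATCH" "$SAMPLE_LEARNED"; do
    rc=0
    printf '%s\n' "$sample" |
        check_router_entry "$ROUTER_IP_ADDRESS" "$ROUTER_MAC_ADDRESS" || rc=$?
    echo "status $rc"
done

# On a live host: ip neigh show | check_router_entry "$ROUTER_IP_ADDRESS" "$ROUTER_MAC_ADDRESS"
```

A status of 2 after a reboot or interface restart means the `arp -s` entry has to be reinstalled, since static entries do not persist on their own.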