#!/usr/bin/perl -w
###########################################################################
## Script ID    : farpce.pl - Force ARP Cache Entries
## Date         : Apr/06/2000 - Apr/15/2000
## Author       : Nelson Brito
## E-mail       : nelson@sekure.org or nelson@secunet.com.br
## URL          : http://stderr.sekure.org/
## Version      : 0.11 Hacked Release
## Contacts     : (+55)(+21) 282-1351 - R.: 104
###########################################################################
use Getopt::Std; use Shell qw(arp);
getopts('f:Qh', \%opts); $version = "0.11-HR";

if(($^O=~/MSWin32/i) && ($ENV{'OS'}=~/Windows_NT/i)){
	system("cls"); $cmd = "-N"; $admin = "Administrator";
} else { system("clear"); $cmd = "-i"; $admin = "root"; }

print "[ Force ARP Cache Entries v. $version | Nelson Brito | Security Network AG ]\n\n";
#($< == 0) || die "Need $admin privileges to execute this script!\n";

if(defined $opts{Q}){ $quite=0; } else { $quite=1; }
if(!defined $opts{f} || defined $opts{h}){ $0=~s/^\.\///i; die "Usage: $0 [-Q] [-f <table.arp>] [-h]\n"; }
if(defined $opts{f}){ $file=$opts{f}; &pperm($file, $quite); }

sub pperm{
	open(FILE, "<".$_[0]) || die "open($_[0]): $!\n"; 
	foreach(<FILE>){
		chomp; 
		if(/^#/){ next; }
		if(((($ip_addr, $hw_addr, $if) = /\s*(.+?)\s+(\S+)\s*\s+(\S+)\s*/) == 3) && !(/^#/)){
			printf("%-25s - %-25s - %-10s\n", $ip_addr, $hw_addr, $if) if $_[1];
			if(($^O=~/MSWin32/i) && ($ENV{'OS'}=~/Windows_NT/i)){
				$hw_addr=~y/:/-/; arp("-s", $ip_addr, $hw_addr, $cmd, $if); 
			} else { arp($cmd, $if, "-s", $ip_addr, $hw_addr); }
		}
	}
	close(FILE);
}
=pod

=head1 NAME

B<farpce.pl - Force ARP Cache Entries v. 0.11-HR>

=head1 SYNOPSIS

B<farpce.pl> [B<-Q>] [B<-f> B<E<lt>table.arpE<gt>>] [B<-h>]

B<-Q>
 Quite mode.

B<-f> B<E<lt>table.arpE<gt>>
 Especifies the file that has the ARP Table Entries to make it B<static>.

B<-h>
 Shows help message.

=head1 DESCRIPTION

Force ARP Cache Entries Perl Script was designed to help System/Network
administrators to prevent B<ARP Cache Poisoning> - ARP Spoof. If you don't know
what ARP Cache Poisoning is see the excelent Yuri Volobuev article post in BUGTRAQ:
 http://www.securityfocus.com/templates/archive.pike?list=1&date=1997-09-22&msg=Pine.A41.3.95.970919050829.19988A-100000@t1.chem.umn.edu

It's a simple and powerfull perl script, based on forcehwaddr by John Goerzen E<lt>jgoerzen@cs.twsu.eduE<gt>.

=head1 FILE FORMAT

The B<FILE FORMAT> is:
 # Comments
 E<lt>IP_ADDRE<gt>  E<lt>TABE<gt>  E<lt>HW_ADDRE<gt>  E<lt>TABE<gt> E<lt>IFACEE<gt>

B<Linux:>
 # It's my own test
 192.168.1.254        0D:00:00:FF:EF:89       eth2
 172.16.1.254         0D:00:00:FF:CF:BA       eth1

B<Windows NT:>
 # It's my own test
 192.168.1.254        0D:00:00:FF:EF:89       192.168.1.1
 172.16.1.254         0D:00:00:FF:CF:BA       172.16.1.1

=head1 AUTHOR

B<Nelson Brito>(a.k.a. B<stderr> from B<Sekure SDI>)
 Security Analyst
 Security Networks AG / IBQN
 Sekure SDI's Member

=head1 COPYRIGHT

B<Copyright (c) 2000 Nelson Brito and Security Network AG / IBQN>. All
rights reserved. This program is free software; you can redistribute it
and/or modify it under the same terms as perl itself.

To contact Security Network AG in Brazil call: 
 B<(+55)(+21) 282-1351 R.: 104>

=cut