a new version of macwatch is included in Gianni's latest snapshot of Thu 08 Apr 2003 (http://www.scaramanga.co.uk/firestorm/firestorm-snapshot.tar.gz) TODOs that have become HAVEDONEs: o verify ethernet address against arp hardware address o check arp decoder layer flags to make sure addresses are available o Gratuitous arp detection (sender/target protocol addresses match) o Unicast request detection (toggleable to disable as routers often use this as cache verification) o Toggleable new address reporting o Code tidy up To toggle features use the following line in your firestorm.conf preprocessor macwatch check_gratuitous=no check_unirequest=no alertnew=no a patch is due in a bit with some little fixes and stuff, but no show stoppers. I'll get some docs written too :) John. -- GPG: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047 WEB: http://www.johnleach.co.uk
Attachment:
signature.asc
Description: This is a digitally signed message part