This is a small script I have written in C to provide protection against malicious ARP attacks, changing the gateway's MAC Address in the ARP table of a victim's PC.
The program saves the Gateway's MAC and IP Address when started. It then scans for every incoming ARP packet to see if it has the ARP Source of the gateway's ip. It blocks these packets (without a delay, like in other ARP defending scripts) using arptables, and instantly updates the ARP table to match the gateway's IP and MAC. It keeps the attacker's MAC address blocked for receiving ARP packets for 5 minutes. When the program exists, it allows all MAC addresses to send ARP packets again (to the PC running the script), as well as flushing the ARP table.
For now, the script only works on linux. I will try to release a win64 version ASAP.
ARPPD needs arptables to run, so just install it:
sudo apt-get install arptables
There's a pre-built executable in the builds folder, or build it yourself:
To build:
- Run
compile_arppd_linux
OR
- Go in the main directory
- Run:
gcc -o builds/defender-win64 src-win64/defender.c -lpcap -pthread
When the ARPPD will detect a malicious ARP Packet, it will look like this:
Demo Video: https://youtu.be/4NLX8tRyl2E
