Announcing DHCP/ARP Daemon
I have written a tool for answering ARP’s out of DHCP, as well as logging suspicious ARP behaviour. The program works by connecting to an isc-dhcp server using the omapi protocol, by sniffing arp requests via libpcap (I skipped on the libtrace requirement just this once — theres no point in sending arp replies from a trace anyway), and generates arp replies with libnet.
Some issues with this system is that you need some way to filter ARP replies on your network, you need a switching fabric smart enough to firewall arp replies from, and arp requests to access ports. We are doing this by firewalling traffic through a softmac 802.11 network. This is complicated at best, and downright impossible almost all the other times.
Another issue is that the daemon currently forges the source MAC for the reply packet to come from the destination device which keeps things as similar as possible from the protocol layer, however this may confuse a switch that sees a packet originating from a different port. This could be fixed by having it not forge the source MAC, but that has potential issues with client machines not accepting the arp. This is, however, untested.
The third issue is that the entire program is untested, so use at your own risk. It’s available under the GPL, from svn. My libconfig is required to build. Comments solicited.