NAME
fake - IP address takeover tool
SYNOPSIS
fake [remove] IP_ADDRESS
DESCRIPTION
The fake utility enables the switching in of a backup server by bringing up an additional interface and using ARP spoofing to take over IP_ADDRESS.
Variants of the script have been used extensively at Zip World (http://www.zipworld.com.au/) for backing up mail, web and proxy servers. Although this system has been shown to work, you are well advised to test the system thoroughly before putting it into production.
Please read the documents in /usr/share/doc/fake/ for an explanation of how fake works and for a discussion of issues surrounding its use.
OPTIONS
- remove: Stop the takeover of an IP address. Without this option, fake starts the takeover of an IP address.
GLOBAL CONFIGURATION FILE
The global configuration file is in /etc/fake/.fakerc. The settings there are overridden by those in ${HOME}/.fakerc. Here is a sample configuration file.
############################################################
# Set up basic environment for fake
# Variables are set as bash variables
# i.e. <VARIABLE>=<value>
#
# Must set:
# ARP_DELAY: Delay in seconds between gratuitous ARP
# PID_DIR: Directory where PID files are kept
# INSTANCE_CONFIG_DIR: Directory where specific
# configuration files for an IP address takeover are kept
# CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh
# to and execute "clear arp-cache"
# FAKE_RSH: Programme to use to "rsh" to another machine
# to obtain macaddress by running ifconfig
#
# PATH can be set here to ensure that send_arp is in the
# path
############################################################
FAKE_HOME="/etc/fake"
#PATH=/sbin:/usr/sbin:/bin:/usr/bin
ARP_DELAY=1
CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers"
PID_DIR="/var/run"
INSTANCE_CONFIG_DIR="$FAKE_HOME/instance_config"
#Only needed if you wish to send gratuitous ARP
#advertising the "real" mac address when turning fake off
#FAKE_RSH=ssh
INSTANCE CONFIGURATION
To configure an instance of fake, create /etc/fake/instance_config/<IP-address-to-take-over>.cfg with the following format:
SPOOF_IP=<IP-address-to-take-over>
The SPOOF_IP variable must contain the same IP address as appears in the name of
the file. This is checked at run time.
IFCONFIG=TRUE|FALSE
SPOOF_NETMASK=<netmask-of-network-that-IP-address-to-take-over-is-on>
TARGET_INTERFACE=<interface-to-bring-up>
If the IFCONFIG variable is set to TRUE, the address specified by SPOOF_IP will be brought up on the interface specified by TARGET_INTERFACE; SPOOF_NETMASK and TARGET_INTERFACE must also be defined.
For obvious reasons it is very important that the TARGET_INTERFACEs of running instances of fake all be different from one another.
Optionally, if you wish to rsh to the main server and advertise the "real" MAC address when turning fake off, then set the following:
FOREIGN_INTERFACE=<interface-on-foreign-host-with-MAC-address-to-use>
FOREIGN_ARP=<number-of-ARPs-to-send-with-real-MAC-address>
To use this last feature in an automated fashion you will need to be able to $FAKE_RSH to $SPOOF_IP from the host that fake runs on without manual authentication. With rsh this is typically achieved using .rhosts; with ssh an SSH key with an empty passphrase can be employed.
Here is an example of /etc/fake/instance_config/203.12.97.7.cfg:
SPOOF_IP=203.12.97.7
IFCONFIG=TRUE
SPOOF_NETMASK=255.255.255.0
TARGET_INTERFACE=eth0:2
FOREIGN_INTERFACE=eth0
FOREIGN_ARP=5
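The rules above (SPOOF_IP must match the file name, IFCONFIG=TRUE requires SPOOF_NETMASK and TARGET_INTERFACE, and no two instances may share a TARGET_INTERFACE) can be checked before activation. The following script is an added example, not part of fake; the function names cfg_get and check_instance_dir are hypothetical, the sample addresses are constructed, and it assumes each .cfg file holds plain KEY=value lines.

```shell
#!/bin/bash
# Added example (not part of fake): lint instance configs before activation.
# Assumes each .cfg holds plain KEY=value lines, as in the samples above.

# Hypothetical helper: read KEY from FILE without sourcing (executing) it.
cfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# Print one line per problem in DIR/*.cfg; succeed only if none were found.
# The ( ) body runs in a subshell, so its variables stay local.
check_instance_dir() (
    errors=0 seen=""
    for f in "$1"/*.cfg; do
        [ -e "$f" ] || continue
        ip=$(basename "$f" .cfg)
        spoof=$(cfg_get "$f" SPOOF_IP)
        iface=$(cfg_get "$f" TARGET_INTERFACE)
        if [ "$spoof" != "$ip" ]; then
            echo "$ip.cfg: SPOOF_IP '$spoof' does not match the file name"
            errors=$((errors + 1))
        fi
        if [ "$(cfg_get "$f" IFCONFIG)" = TRUE ] &&
           { [ -z "$(cfg_get "$f" SPOOF_NETMASK)" ] || [ -z "$iface" ]; }; then
            echo "$ip.cfg: IFCONFIG=TRUE needs SPOOF_NETMASK and TARGET_INTERFACE"
            errors=$((errors + 1))
        fi
        # Compare against the interfaces claimed by earlier files.
        if [ -n "$iface" ]; then
            case " $seen " in
                *" $iface "*)
                    echo "$ip.cfg: TARGET_INTERFACE $iface is used by another instance"
                    errors=$((errors + 1)) ;;
            esac
            seen="$seen $iface"
        fi
    done
    [ "$errors" -eq 0 ]
)

# Constructed sample: the second file reuses eth0:2, names the wrong address
# and omits SPOOF_NETMASK, so three problems are reported.
demo_dir=$(mktemp -d)
printf 'SPOOF_IP=192.0.2.10\nIFCONFIG=TRUE\nSPOOF_NETMASK=255.255.255.0\nTARGET_INTERFACE=eth0:2\n' \
    > "$demo_dir/192.0.2.10.cfg"
printf 'SPOOF_IP=192.0.2.12\nIFCONFIG=TRUE\nTARGET_INTERFACE=eth0:2\n' \
    > "$demo_dir/192.0.2.11.cfg"
check_instance_dir "$demo_dir" || echo "fix the problems above before running fake"
rm -rf "$demo_dir"
```

Point check_instance_dir at the directory named by INSTANCE_CONFIG_DIR; a non-zero exit status means at least one instance file needs attention.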
ACTIVATION
To activate fake, run:
fake <IP-address-to-take-over> &
Logs will be made to the local0.notice syslog facility.
On startup you should see messages in the syslog; running ifconfig should show the new interface; running route should show a route for the spoofed IP address on the new interface (which is needed so the machine that fake is running on can communicate correctly to this IP address); and running tcpdump -i <interface> arp should show the gratuitous ARP packets.
DEACTIVATION
To deactivate, run:
fake remove <IP-address-to-take-over>
As of version 1.1.2 the fake process can be sent a SIGTERM or SIGHUP to effect the removal.
On removal you should see a message in the syslog; ifconfig should show that the new interface has been removed; route should show that the new route has been removed; and tcpdump should show that the gratuitous ARP has stopped.
Note: Activating fake multiple times with the same arguments has the same effect as activating it once. Similarly, deactivating fake multiple times with the same arguments has the same effect as deactivating it once.
FILES
- /etc/fake/.fakerc
- /etc/fake/clear_routers
- /etc/fake/instance_config/<IP-address>.cfg
- /var/run/fake.<IP-address>.pid
AUTHOR
Horms <horms@verge.net.au>