--- embedaddon/arping/README 2012/02/21 22:16:27 1.1.1.1 +++ embedaddon/arping/README 2014/06/15 16:26:43 1.1.1.2 @@ -2,7 +2,7 @@ arping/README ARP Ping - By Thomas Habets + By Thomas Habets http://www.habets.pp.se/synscan/ http://github.com/ThomasHabets/arping @@ -191,13 +191,18 @@ A: Be my guest, but if care about security *at all* yo a network debugging tool, which generates low-level network packets that ordinary users have absolutely no business generating. - For example, I don't protect against an ALRM signal flood, which will result - in a packet flood. (arping 2.x doesn't have this issue) - If you are honestly debugging the network then I don't see why you aren't root already. - If you think I'm wrong, tell me why. + That being said, on Linux you can add the CAP_NET_RAW capability to arping + limiting the damage if arping were to be compromised: + sudo setcap cap_net_raw+ep /usr/local/sbin/arping + This requires a libnet which does not explicitly check for uid 0. The + current version of libnet does check this, so unless you patch it it will + not help. + + Patch: + http://github.com/ThomasHabets/libnet/commit/aaa383b5c816107082508b7646929a9479b81645 --- Q: What's this -A switch all about, I don't understand it. @@ -280,5 +285,5 @@ For pinging MAC addresses: range it searches is hard-coded. I may add this to arping some day, but don't hold your breath. ----------------------------------------------------------------------------- -Send questions/suggestions/patches/rants/money/alphas to thomas@habets.pp.se +----------------------------------------------------------------------- +Send questions/suggestions/patches/rants/money/envy to thomas@habets.se