Man Linux: Main Page and Category List

NAME

       fake - IP address takeover tool

SYNOPSIS

       fake [remove] IP_ADDRESS

DESCRIPTION

       The  fake  utility  enables  the  switching  in  of  a backup server by
       bringing up an additional interface and using ARP spoofing to take over
       IP_ADDRESS.

       Variants  of  the  script  have  been  used  extensively  at  Zip World
       (http://www.zipworld.com.au/)  for  backing  up  mail,  web  and  proxy
       servers.   Although  this  system  has  been shown to work you are well
       advised  to  test  the  system  thoroughly  before  putting   it   into
       production.

       Please read the documents in /usr/share/doc/fake/ for an explanation of
       how fake works and for a discussion of issues surrounding its use.

OPTIONS

       remove Stop the takeover of an IP address.  Without this  option,  fake
              starts the takeover of an IP address.

GLOBAL CONFIGURATION FILE

       The  global  configuration  file is in /etc/fake/.fakerc.  The settings
       there are overridden by those in ${HOME}/.fakerc.   Here  is  a  sample
       configuration file.

       ############################################################
       # Set up basic environment for fake
       # Variables are set as bash variables
       # i.e. <VARIABLE>=<value>
       #
       # Must set:
       #  ARP_DELAY: Delay in seconds between gratuitous ARP
       #  PID_DIR: Directory where PID files are kept
       #  INSTANCE_CONFIG_DIR: Directory where specific
       #   configuration files for an IP address takeover are kept
       #  CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh
       #    to and execute "clear arp-cache"
       #  FAKE_RSH: Programme to use to "rsh" to another machine
       #    to obtain macaddress by running ifconfig
       #
       # PATH can be set here to ensure that send_arp is in the
       #  path
       ############################################################

       FAKE_HOME="/etc/fake"

       #PATH=/sbin:/usr/sbin:/bin:/usr/bin

       ARP_DELAY=1
       CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers"
       PID_DIR="/var/run"
       INSTANCE_CONFIG_DIR="$FAKE_HOME/instance_config"

       #Only needed if you wish to send gratuitous ARP
       #advertising the "real" mac address when turning fake off
       #FAKE_RSH=ssh

INSTANCE CONFIGURATION

       To configure an instance of fake, create /etc/fake/instance_config/<IP-
       address-to-take-over>.cfg with the following format:

       SPOOF_IP=<IP-address-to-take-over>

       The SPOOF_IP variable must contain the same IP address  as  appears  in
       the name of the file.  This is checked at run time.

       IFCONFIG=TRUE|FALSE
       SPOOF_NETMASK=<netmask-of-network-that-IP-address-to-take-over-is-on>
       TARGET_INTERFACE=<interface-to-bring-up>

       If  the  IFCONFIG  variable  is  set  to TRUE, the address specified by
       SPOOF_IP  will  be  brought  up   on   the   interface   specified   by
       TARGET_INTERFACE;  SPOOF_NETMASK  and  TARGET_INTERFACE  must  also  be
       defined.

       For obvious reasons it is very important that the TARGET_INTERFACEs  of
       running instances of fake all be different from one another.

       Optionally  if  you  wish  to  rsh to the main server and advertise the
       "real" MAC address when turning fake off then set the following;

       FOREIGN_INTERFACE=<interface-on-foreign-host-with-MAC-address-to-use>
       FOREIGN_ARP=<number-of-ARPs-to-send-with-real-MAC-address>

       To use this last feature in an automated fashion you will  need  to  be
       able  to $FAKE_RSH to $SPOOF_IP from the host that fake runs on without
       manual authentication.   With  rsh  this  is  typically  achived  using
       .rhosts;  with ssh an RSH key with an empty passphrase can be employed.

       Here is an example of /etc/fake/instance_config/203.12.97.7.cfg:

       SPOOF_IP=203.12.97.7
       IFCONFIG=TRUE
       SPOOF_NETMASK=255.255.255.0
       TARGET_INTERFACE=eth0:2
       FOREIGN_INTERFACE=eth0
       FOREIGN_ARP=5

ACTIVATION

       To activate fake, run:

       fake <IP-address-to-take-over> &

       Logs will be made to the local0.notice syslog facility.

       On startup you should see messages  in  the  syslog;  running  ifconfig
       should  show  the  new interface; running route should show a route for
       the spoofed IP address on the new interface (which  is  needed  so  the
       machine  that  fake  is running on can communicate correctly to this IP
       address); and running  tcpdump  -i  <interface>  arp  should  show  the
       gratuitous ARP packets.

DEACTIVATION

       To deactivate, run:

       fake remove <IP-address-to-take-over>

       As of version 1.1.2 the fake process can be sent a SIGTERM or SIGHUP to
       effect the removal.

       On removal you should see a message in the syslog; ifconfig should show
       that the new interface has been removed; route should show that the new
       route has been removed; and tcpdump should show that the gratuitous ARP
       has stopped.

       Note:  Activating  fake  multiple times with the same arguments has the
       same effect  as  activating  it  once.   Similarly,  deactivating  fake
       multiple  times  with  the  same  arguments  has  the  same  effect  as
       deactivating it once.

FILES

       /etc/fake/.fakerc

       /etc/fake/clear_routers

       /etc/fake/instance_config/<IP-address>.cfg

       /var/run/fake.<IP-address>.pid

AUTHOR

       Horms <horms@verge.net.au>

                                  9 June 2004