SYNOPSIS
fake [remove] IP_ADDRESS
DESCRIPTION
The fake utility enables the switching in of a backup server by bring‐
ing up an additional interface and using ARP spoofing to take over
IP_ADDRESS.
Variants of the script have been used extensively at Zip World
(http://www.zipworld.com.au/) for backing up mail, web and proxy
servers. Although this system has been shown to work you are well
advised to test the system thoroughly before putting it into produc‐
tion.
Please read the documents in /usr/share/doc/fake/ for an explanation of
how fake works and for a discussion of issues surrounding its use.
OPTIONS
remove Stop the takeover of an IP address. Without this option, fake
starts the takeover of an IP address.
GLOBAL CONFIGURATION FILE
The global configuration file is in /etc/fake/.fakerc. The settings
there are overridden by those in ${HOME}/.fakerc. Here is a sample
configuration file.
############################################################
# Set up basic environment for fake
# Variables are set as bash variables
# i.e. <VARIABLE>=<value>
#
# Must set:
# ARP_DELAY: Delay in seconds between gratuitous ARP
# PID_DIR: Directory where PID files are kept
# INSTANCE_CONFIG_DIR: Directory where specific
# configuration files for an IP address takeover are kept
# CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh
# to and execute "clear arp-cache"
# FAKE_RSH: Programme to use to "rsh" to another machine
# to obtain macaddress by running ifconfig
#
# PATH can be set here to ensure that send_arp is in the
# path
############################################################
FAKE_HOME="/etc/fake"
#PATH=/sbin:/usr/sbin:/bin:/usr/bin
ARP_DELAY=1
CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers"
PID_DIR="/var/run"
the name of the file. This is checked at run time.
IFCONFIG=TRUE|FALSE
SPOOF_NETMASK=<netmask-of-network-that-IP-address-to-take-over-is-on>
TARGET_INTERFACE=<interface-to-bring-up>
If the IFCONFIG variable is set to TRUE, the address specified by
SPOOF_IP will be brought up on the interface specified by TARGET_INTER‐
FACE; SPOOF_NETMASK and TARGET_INTERFACE must also be defined.
For obvious reasons it is very important that the TARGET_INTERFACEs of
running instances of fake all be different from one another.
Optionally if you wish to rsh to the main server and advertise the
"real" MAC address when turning fake off then set the following;
FOREIGN_INTERFACE=<interface-on-foreign-host-with-MAC-address-to-use>
FOREIGN_ARP=<number-of-ARPs-to-send-with-real-MAC-address>
To use this last feature in an automated fashion you will need to be
able to $FAKE_RSH to $SPOOF_IP from the host that fake runs on without
manual authentication. With rsh this is typically achived using
.rhosts; with ssh an RSH key with an empty passphrase can be employed.
Here is an example of /etc/fake/instance_config/203.12.97.7.cfg:
SPOOF_IP=203.12.97.7
IFCONFIG=TRUE
SPOOF_NETMASK=255.255.255.0
TARGET_INTERFACE=eth0:2
FOREIGN_INTERFACE=eth0
FOREIGN_ARP=5
ACTIVATION
To activate fake, run:
fake <IP-address-to-take-over> &
Logs will be made to the local0.notice syslog facility.
On startup you should see messages in the syslog; running ifconfig
should show the new interface; running route should show a route for
the spoofed IP address on the new interface (which is needed so the
machine that fake is running on can communicate correctly to this IP
address); and running tcpdump -i <interface> arp should show the gratu‐
itous ARP packets.
DEACTIVATION
To deactivate, run:
fake remove <IP-address-to-take-over>
FILES
/etc/fake/.fakerc
/etc/fake/clear_routers
/etc/fake/instance_config/<IP-address>.cfg
/var/run/fake.<IP-address>.pid
AUTHOR
Horms <horms@verge.net.au>
9 June 2004 FAKE(8)
TechZilla.biz | TechZilla.info | SlicerUnderground | techzilla.50megs.com | Tohigherground | NextOnStage | EMUslax | GNUlinx | GamesOfDaPast | WorldCrimeWars | Fistula | Asus-Z81k | Riding-Gear | UniformDiscount | WorkWearIt | NuZilla