>
> On Do, Jan 29 2009, Thierry FOURNIER wrote:
>
>
>> [...]
>> can you send me your config file and your arpalert version ?
>>
>
> Hi Thierry,
>
> many thanks for your response. The config file is attached, I'm
> running 2.0.9.
>
>
>>> Moreover, what is an "authorisation" for a MAC address?
>>> What is different if I put the following line into authrq.conf:
>>>
>>>> [01:02:03:04:05:06 eth0] 10.0.0.1 10.0.0.2
>>>>
>> the authorisation is a list of ip addresses can be requested by a mac
>> adress. in the exemple, the host with the mac address "01:02:03:04:05:06"
>> can be send arp request for ip 10.0.0.1 and 10.0.0.2.
>>
>> if arpalert watch arp request from the mac address "01:02:03:04:05:06" and
>> the ip requested is 10.6.7.8, it can be send alert.
>>

If the flag "ip_change" is set, arpalert does not remember any IP for
the mac address. You can speficy only one ip for one mac address. the
flag ip_change does not permit to remember more than one ip, just
disable ip_change notification for this mac address.

The internal structs of arpalert can not permit more than one ip per
mac. is a stupid conception :-). In the next major version (2.1.0 or
3.0.0), I can build this feature.

>
> What type of alert would that be? IP change or unauthorized arp
> request?
> Should I still see ip_change alerts for 10.0.0.1 and 10.0.0.2 if
> they keep changing?
>
> Thanks
> Jens
>
>

-- 
To unsubscribe send a mail to list+unsubscribe_at_arpalert.org