This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Detect ARP spoofing/poisoning #30

Open
lctrcl opened this issue May 3, 2016 · 1 comment


lctrcl commented May 3, 2016

Few different ideas/realizations:

Owner

pirate commented May 3, 2016

Awesome idea, thanks! Looks like we'd want to implement both the first link and the last one, since they alert about different things.

The first python script alerts if your MAC is being spoofed on the local network so someone else receives your incoming traffic.
The pastebin bash + growl script alerts if the gateway MAC is being spoofed so someone else is receiving all outgoing traffic.

Both would be incredibly valuable to have, although I'm not sure what the best way to implement this is, since both require running a whole bunch of commands on every poll cycle.
I think the best way is to add a new generic source that is capable of running a shell script and yielding the output. Then we can bundle both these detectors into separate shell scripts that get run by the source, which passes it to the parsers then the alerters.
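
An added example, not code from this issue, the linked scripts or the project: one way the two checks described in the comment above could run on each poll cycle, by parsing `arp -a` output and comparing it with known-good values. The sample table, all addresses and the function names are constructed for illustration, and the "gateway MAC shared with another host" check is an extra heuristic assumed here.

```python
import re

# Matches BSD/macOS and Linux net-tools `arp -a` lines, e.g.
#   ? (192.168.1.1) at a4:2b:8c:1:2:3 on en0 ifscope [ethernet]
ARP_LINE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})\b")
BROADCAST = "ff:ff:ff:ff:ff:ff"

def normalize_mac(mac):
    """Lower-case and zero-pad octets; macOS prints 0:1c:b3:9:85:15."""
    return ":".join(o.zfill(2) for o in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac}. Incomplete and broadcast entries are skipped."""
    table = {}
    for ip, mac in ARP_LINE.findall(text):
        mac = normalize_mac(mac)
        if mac != BROADCAST:
            table[ip] = mac
    return table

def check_poll(table, gateway_ip, known_gateway_mac, own_ip, own_mac):
    """Compare one poll of the ARP table against known-good values."""
    alerts = []
    known_gw, own_mac = normalize_mac(known_gateway_mac), normalize_mac(own_mac)
    seen_gw = table.get(gateway_ip)
    if seen_gw and seen_gw != known_gw:
        alerts.append(("gateway_mac_changed", seen_gw))
    for ip, mac in sorted(table.items()):
        if ip in (gateway_ip, own_ip):
            continue
        if mac == seen_gw:
            # Gateway IP and another host resolve to the same hardware address.
            alerts.append(("gateway_mac_shared", ip))
        if mac == own_mac:
            # Another IP is answering ARP with this machine's address.
            alerts.append(("own_mac_claimed", ip))
    return alerts

# Constructed sample of `arp -a` output (not captured from a real network).
SAMPLE = """\
? (192.168.1.1) at de:ad:be:ef:0:1 on en0 ifscope [ethernet]
? (192.168.1.23) at de:ad:be:ef:0:1 on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.77) at 3c:22:fb:a:b:c on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""

if __name__ == "__main__":
    for alert in check_poll(parse_arp_table(SAMPLE), "192.168.1.1",
                            "a4:2b:8c:11:22:33", "192.168.1.50", "3C:22:FB:0A:0B:0C"):
        print(alert)
```

The known gateway MAC has to be recorded while the network is trusted; a baseline taken during an active spoof would make the first check silent.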
