Audit Logging

No matter how strong your security mechanisms are, if you are not logging and monitoring your logs, you are vulnerable to unforeseen attacks. Diligent logging and monitoring give you the ability to react to attacks in real time, protecting yourself and your resources.

arpwatch

Due to the lack of physical security in a wireless network, low-level attacks are of a much greater concern than they would be on a wired network. ARP poisoning, as discussed in Chapter 2, allows a malicious host to act as a man in the middle for machines on the network. The static ARP settings discussed earlier in this chapter are one way to protect yourself from ARP-based problems.

However, being able to detect ARP issues on the network gives you a window into the overall security of the network. If someone on the network is attempting ARP spoofing attacks, it is safe to assume your packets are being sniffed and your data is at risk. A program called arpwatch will watch the network for you and report any unusual activity. To do so, arpwatch must have access to the raw frames being sent across the wire, which requires CONFIG_PACKET support in your kernel.

For a complete discussion of arpwatch and how to configure it, see Section 4.1.6.1.
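
As an added example (not code from the book or from arpwatch itself), the following Python script shows the kind of monitoring described above: it reads arpwatch reports out of syslog and flags IP addresses whose MAC binding changes or alternates. The log lines are constructed, the message layout is an assumption modelled on arpwatch's usual syslog reports, and the function names and flip_threshold parameter are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines; the message layout is an assumption modelled on
# arpwatch's usual syslog reports (event, IP, new MAC, old MAC in parentheses).
SAMPLE_LOG = """\
Mar  3 10:01:12 gw arpwatch: new station 192.168.1.23 0:c:29:4f:1a:7
Mar  3 10:07:40 gw arpwatch: changed ethernet address 192.168.1.1 0:c:29:4f:1a:7 (0:16:b6:aa:1:2)
Mar  3 10:07:55 gw arpwatch: flip flop 192.168.1.1 0:16:b6:aa:1:2 (0:c:29:4f:1a:7)
Mar  3 10:08:10 gw arpwatch: flip flop 192.168.1.1 0:c:29:4f:1a:7 (0:16:b6:aa:1:2)
Mar  3 10:15:02 gw sshd[811]: Accepted publickey for admin from 192.168.1.50
"""

EVENT_RE = re.compile(
    r"arpwatch: (?P<event>new station|changed ethernet address|flip flop) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) (?P<mac>[0-9a-fA-F:]+)"
    r"(?: \((?P<old>[0-9a-fA-F:]+)\))?"
)

def norm_mac(mac):
    """arpwatch omits leading zeros (0:c:29...); pad to 00:0c:29... form."""
    return ":".join(part.zfill(2).lower() for part in mac.split(":"))

def parse(log_text):
    """Yield (event, ip, new_mac, old_mac_or_None) for each arpwatch line."""
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            old = norm_mac(m["old"]) if m["old"] else None
            yield m["event"], m["ip"], norm_mac(m["mac"]), old

def suspicious_bindings(log_text, flip_threshold=2):
    """Return {ip: reason} for addresses whose MAC binding is unstable."""
    macs, flips, alerts = defaultdict(set), defaultdict(int), {}
    for event, ip, mac, old in parse(log_text):
        macs[ip].add(mac)
        if old:
            macs[ip].add(old)
        if event == "flip flop":
            flips[ip] += 1
        if event == "changed ethernet address":
            alerts[ip] = "binding changed: " + ", ".join(sorted(macs[ip]))
        if flips[ip] >= flip_threshold:
            alerts[ip] = "MACs alternating: " + ", ".join(sorted(macs[ip]))
    return alerts

if __name__ == "__main__":
    for ip, reason in suspicious_bindings(SAMPLE_LOG).items():
        print(ip, reason)
```

A single changed binding can be a replaced network card; repeated alternation between two MACs for the same IP, especially a gateway address, is the pattern worth escalating.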

syslog

syslog is a common audit facility that any application on a host can use. Many standard applications, as well as the kernel, send very useful information to syslog. Being able to direct syslog data to a desired location and monitor ...
