NAME

       fake - IP address takeover tool

SYNOPSIS

       fake [remove] IP_ADDRESS

DESCRIPTION

       The  fake utility enables the switching in of a backup server by bringing up an additional
       interface and using ARP spoofing to take over IP_ADDRESS.

       Variants   of   the    script    have    been    used    extensively    at    Zip    World
       (http://www.zipworld.com.au/)  for  backing up mail, web and proxy servers.  Although this
       system has been shown to work you are well advised to test the  system  thoroughly  before
       putting it into production.

       Please read the documents in /usr/share/doc/fake/ for an explanation of how fake works and
       for a discussion of issues surrounding its use.

OPTIONS

       remove Stop the takeover of an IP address.  Without this option, fake starts the  takeover
              of an IP address.

GLOBAL CONFIGURATION FILE

       The  global configuration file is in /etc/fake/.fakerc.  The settings there are overridden
       by those in ${HOME}/.fakerc.  Here is a sample configuration file.

       ############################################################
       # Set up basic environment for fake
       # Variables are set as bash variables
       # i.e. <VARIABLE>=<value>
       #
       # Must set:
       #  ARP_DELAY: Delay in seconds between gratuitous ARP
       #  PID_DIR: Directory where PID files are kept
       #  INSTANCE_CONFIG_DIR: Directory where specific
       #   configuration files for an IP address takeover are kept
       #  CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh
       #    to and execute "clear arp-cache"
       #  FAKE_RSH: Programme to use to "rsh" to another machine
       #    to obtain macaddress by running ifconfig
       #
       # PATH can be set here to ensure that send_arp is in the
       #  path
       ############################################################

       FAKE_HOME="/etc/fake"

       #PATH=/sbin:/usr/sbin:/bin:/usr/bin

       ARP_DELAY=1
       CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers"
       PID_DIR="/var/run"
       INSTANCE_CONFIG_DIR="$FAKE_HOME/instance_config"

       #Only needed if you wish to send gratuitous ARP
       #advertising the "real" mac address when turning fake off
       #FAKE_RSH=ssh

INSTANCE CONFIGURATION

       To configure an instance of  fake,  create  /etc/fake/instance_config/<IP-address-to-take-
       over>.cfg with the following format:

       SPOOF_IP=<IP-address-to-take-over>

       The SPOOF_IP variable must contain the same IP address as appears in the name of the file.
       This is checked at run time.

       IFCONFIG=TRUE|FALSE
       SPOOF_NETMASK=<netmask-of-network-that-IP-address-to-take-over-is-on>
       TARGET_INTERFACE=<interface-to-bring-up>

       If the IFCONFIG variable is set to TRUE, the address specified by SPOOF_IP will be brought
       up on the interface specified by TARGET_INTERFACE; SPOOF_NETMASK and TARGET_INTERFACE must
       also be defined.

       For obvious reasons it is very important that the TARGET_INTERFACEs of  running  instances
       of fake all be different from one another.

       Optionally if you wish to rsh to the main server and advertise the "real" MAC address when
       turning fake off then set the following;

       FOREIGN_INTERFACE=<interface-on-foreign-host-with-MAC-address-to-use>
       FOREIGN_ARP=<number-of-ARPs-to-send-with-real-MAC-address>

       To use this last feature in an automated fashion you will need to be able to $FAKE_RSH  to
       $SPOOF_IP from the host that fake runs on without manual authentication.  With rsh this is
       typically achived using .rhosts; with ssh an RSH key  with  an  empty  passphrase  can  be
       employed.

       Here is an example of /etc/fake/instance_config/203.12.97.7.cfg:

       SPOOF_IP=203.12.97.7
       IFCONFIG=TRUE
       SPOOF_NETMASK=255.255.255.0
       TARGET_INTERFACE=eth0:2
       FOREIGN_INTERFACE=eth0
       FOREIGN_ARP=5

ACTIVATION

       To activate fake, run:

       fake <IP-address-to-take-over> &

       Logs will be made to the local0.notice syslog facility.

       On  startup  you  should  see messages in the syslog; running ifconfig should show the new
       interface; running route should show a route  for  the  spoofed  IP  address  on  the  new
       interface  (which  is  needed  so  the  machine  that  fake  is running on can communicate
       correctly to this IP address); and running tcpdump -i  <interface>  arp  should  show  the
       gratuitous ARP packets.

DEACTIVATION

       To deactivate, run:

       fake remove <IP-address-to-take-over>

       As  of  version  1.1.2  the  fake  process  can  be sent a SIGTERM or SIGHUP to effect the
       removal.

       On removal you should see a message in the syslog;  ifconfig  should  show  that  the  new
       interface  has  been  removed;  route should show that the new route has been removed; and
       tcpdump should show that the gratuitous ARP has stopped.

       Note: Activating fake multiple times with the  same  arguments  has  the  same  effect  as
       activating  it  once.  Similarly, deactivating fake multiple times with the same arguments
       has the same effect as deactivating it once.

FILES

       /etc/fake/.fakerc

       /etc/fake/clear_routers

       /etc/fake/instance_config/<IP-address>.cfg

       /var/run/fake.<IP-address>.pid

AUTHOR

       Horms <horms@verge.net.au>

                                           9 June 2004                                    FAKE(8)