NAME

       fake - IP address takeover tool

SYNOPSIS

       fake [remove] IP_ADDRESS

DESCRIPTION

       The  fake  utility enables the switching in of a backup server by bringing up an additional interface and
       using ARP spoofing to take over IP_ADDRESS.

       Variants of the script have been used extensively at Zip World (http://www.zipworld.com.au/) for  backing
       up mail, web and proxy servers.  Although this system has been shown to work you are well advised to test
       the system thoroughly before putting it into production.

       Please read the documents in /usr/share/doc/fake/ for  an  explanation  of  how  fake  works  and  for  a
       discussion of issues surrounding its use.

OPTIONS

       remove Stop  the  takeover  of  an  IP  address.   Without this option, fake starts the takeover of an IP
              address.

GLOBAL CONFIGURATION FILE

       The global configuration file is in /etc/fake/.fakerc.  The settings there are  overridden  by  those  in
       ${HOME}/.fakerc.  Here is a sample configuration file.

       ############################################################
       # Set up basic environment for fake
       # Variables are set as bash variables
       # i.e. <VARIABLE>=<value>
       #
       # Must set:
       #  ARP_DELAY: Delay in seconds between gratuitous ARP
       #  PID_DIR: Directory where PID files are kept
       #  INSTANCE_CONFIG_DIR: Directory where specific
       #   configuration files for an IP address takeover are kept
       #  CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh
       #    to and execute "clear arp-cache"
       #  FAKE_RSH: Programme to use to "rsh" to another machine
       #    to obtain macaddress by running ifconfig
       #
       # PATH can be set here to ensure that send_arp is in the
       #  path
       ############################################################

       FAKE_HOME="/etc/fake"

       #PATH=/sbin:/usr/sbin:/bin:/usr/bin

       ARP_DELAY=1
       CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers"
       PID_DIR="/var/run"
       INSTANCE_CONFIG_DIR="$FAKE_HOME/instance_config"

       #Only needed if you wish to send gratuitous ARP
       #advertising the "real" mac address when turning fake off
       #FAKE_RSH=ssh

INSTANCE CONFIGURATION

       To configure an instance of fake, create /etc/fake/instance_config/<IP-address-to-take-over>.cfg with the
       following format:

       SPOOF_IP=<IP-address-to-take-over>

       The SPOOF_IP variable must contain the same IP address as appears in the  name  of  the  file.   This  is
       checked at run time.

       IFCONFIG=TRUE|FALSE
       SPOOF_NETMASK=<netmask-of-network-that-IP-address-to-take-over-is-on>
       TARGET_INTERFACE=<interface-to-bring-up>

       If  the  IFCONFIG  variable  is  set to TRUE, the address specified by SPOOF_IP will be brought up on the
       interface specified by TARGET_INTERFACE; SPOOF_NETMASK and TARGET_INTERFACE must also be defined.

       For obvious reasons it is very important that the TARGET_INTERFACEs of running instances of fake  all  be
       different from one another.

       Optionally  if  you wish to rsh to the main server and advertise the "real" MAC address when turning fake
       off then set the following;

       FOREIGN_INTERFACE=<interface-on-foreign-host-with-MAC-address-to-use>
       FOREIGN_ARP=<number-of-ARPs-to-send-with-real-MAC-address>

       To use this last feature in an automated fashion you will need to be able to $FAKE_RSH to $SPOOF_IP  from
       the  host  that  fake  runs  on  without manual authentication.  With rsh this is typically achived using
       .rhosts; with ssh an RSH key with an empty passphrase can be employed.

       Here is an example of /etc/fake/instance_config/203.12.97.7.cfg:

       SPOOF_IP=203.12.97.7
       IFCONFIG=TRUE
       SPOOF_NETMASK=255.255.255.0
       TARGET_INTERFACE=eth0:2
       FOREIGN_INTERFACE=eth0
       FOREIGN_ARP=5

ACTIVATION

       To activate fake, run:

       fake <IP-address-to-take-over> &

       Logs will be made to the local0.notice syslog facility.

       On startup you should see messages in the syslog; running ifconfig should show the new interface; running
       route should show a route for the spoofed IP address on the new interface (which is needed so the machine
       that fake is running on can communicate correctly to this IP address); and running tcpdump -i <interface>
       arp should show the gratuitous ARP packets.

DEACTIVATION

       To deactivate, run:

       fake remove <IP-address-to-take-over>

       As of version 1.1.2 the fake process can be sent a SIGTERM or SIGHUP to effect the removal.

       On  removal  you should see a message in the syslog; ifconfig should show that the new interface has been
       removed; route should show that the new route  has  been  removed;  and  tcpdump  should  show  that  the
       gratuitous ARP has stopped.

       Note:  Activating  fake multiple times with the same arguments has the same effect as activating it once.
       Similarly, deactivating fake multiple times with the same arguments has the same effect  as  deactivating
       it once.

FILES

       /etc/fake/.fakerc

       /etc/fake/clear_routers

       /etc/fake/instance_config/<IP-address>.cfg

       /var/run/fake.<IP-address>.pid

AUTHOR

       Horms <horms@verge.net.au>

                                                   9 June 2004                                           FAKE(8)