
arpalert on Linux


I used the arpalert tool on Ubuntu. Basically, it gives an alert when there is an unauthorized ARP connection.

There are 2 data files called maclist.allow and maclist.deny. maclist.allow is used to list the MAC addresses which are allowed, and maclist.deny is for denied MACs. The file content should be like this: MAC IP DEV

So the first problem is, how do I set the exact IPs when they are dynamic? If I only know the router MAC then I can't use the .deny file. So can I use the .allow file instead of that? In any case, how can I prevent (alert on) all ARP connections with unknown hosts except the router? Thank you.


Solution

  • Depending on the version you are running, it is fine to start with having 0.0.0.0 there.

    You will then simply get IP change notifications, which you can then filter, as they are for non-new MAC addresses, while you can still detect non-whitelisted MACs and changes of non-whitelisted MACs.

    Thanks,

    Dw.
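
The triage the answer describes, as an added Python example that is not part of the original post and is not arpalert's own code, matching rules or log format: it parses an allow list in the MAC IP DEV layout and separates unknown MACs from IP changes on whitelisted MACs. Treating 0.0.0.0 as "any IP", accepting `#` comments, and all MACs, IPs and the `eth0` device name are assumptions of this example.

```python
# Added illustration only: not arpalert's code, matching rules or log format.
ANY_IP = "0.0.0.0"  # placeholder IP from the answer; "any IP" is this example's assumption

def parse_maclist(text):
    """Parse 'MAC IP DEV' lines into {(mac, dev): ip}."""
    allow = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' comments: assumed for this example
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 'MAC IP DEV', got {raw!r}")
        mac, ip, dev = fields
        allow[(mac.lower(), dev)] = ip
    return allow

def triage(allow, mac, ip, dev):
    """Classify one observed ARP sender against the allow list."""
    pinned = allow.get((mac.lower(), dev))
    if pinned is None:
        return "unknown_mac"      # not whitelisted: the alert to keep
    if pinned == ANY_IP or pinned == ip:
        return "allowed"
    return "ip_change"            # whitelisted MAC on a new IP: filter or review

# Constructed sample data (documentation-range IPs, made-up MACs).
ALLOW_TEXT = """\
# router: MAC known, IP not pinned
00:11:22:33:44:55 0.0.0.0 eth0
# server: MAC and IP both pinned
00:11:22:33:44:66 192.0.2.10 eth0
"""
OBSERVED = [
    ("00:11:22:33:44:55", "192.0.2.1", "eth0"),
    ("00:11:22:33:44:55", "192.0.2.254", "eth0"),
    ("00:11:22:33:44:66", "192.0.2.99", "eth0"),
    ("02:00:00:AA:BB:CC", "192.0.2.50", "eth0"),
]

def run():
    allow = parse_maclist(ALLOW_TEXT)
    return [(mac, triage(allow, mac, ip, dev)) for mac, ip, dev in OBSERVED]

if __name__ == "__main__":
    for mac, verdict in run():
        print(f"{mac} -> {verdict}")
```

With only the router listed and its IP left as 0.0.0.0, every sender other than the router falls into `unknown_mac`, which is the alert the question asks for.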