4 files changed, 47 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 034834a1dcc0..2d2960f2f5f2 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -450,6 +450,7 @@
     SUBDIR += samba-vscan
     SUBDIR += samhain
     SUBDIR += sancp
+    SUBDIR += sasp
     SUBDIR += scanlogd
     SUBDIR += scanssh
     SUBDIR += seahorse
diff --git a/security/sasp/Makefile b/security/sasp/Makefile
new file mode 100644
index 000000000000..343815f95b28
--- /dev/null
+++ b/security/sasp/Makefile
@@ -0,0 +1,21 @@
+# New ports collection makefile for:    sasp
+# Date created:        2 September 2004
+# Whom:                sviat
+#
+# $FreeBSD$
+#
+
+PORTNAME=	sasp
+PORTVERSION=	0.1
+CATEGORIES=	security
+MASTER_SITES=	http://sviat.opengeeks.it/codes/sasp/
+
+MAINTAINER=	sviat@OpenGEEKS.it
+COMMENT=	A tool that permits to use a gateway whatever IP we have
+
+BUILD_DEPENDS=	 ${LOCALBASE}/include/libnet/libnet-types.h:${PORTSDIR}/net/libnet-devel
+
+NO_WRKSUBDIR=	yes
+PLIST_FILES=	sbin/sasp
+
+.include <bsd.port.mk>
diff --git a/security/sasp/distinfo b/security/sasp/distinfo
new file mode 100644
index 000000000000..84f43f2249cb
--- /dev/null
+++ b/security/sasp/distinfo
@@ -0,0 +1,2 @@
+MD5 (sasp-0.1.tar.gz) = 01cdaf87a0ac27bc5d52a01e4e858c78
+SIZE (sasp-0.1.tar.gz) = 3709
diff --git a/security/sasp/pkg-descr b/security/sasp/pkg-descr
new file mode 100644
index 000000000000..4e8190943d13
--- /dev/null
+++ b/security/sasp/pkg-descr
@@ -0,0 +1,23 @@
+This is a tool that uses ARP poisoning  to  have  a  scenario
+like this: we have a LAN and we want offer connectivity to every-
+one coming here with his laptop for example. It could happen that
+our  customer  has  his  network parameters already configured to
+work correctly in his own LAN, but not working here. We can  have
+then this scenario:
+Customer's  host (10.0.0.2/8 and default gateway set to 10.0.0.1)
+Our LAN (192.168.0.0/24 with real gateway 192.168.0.254).
+All that we want is that our customer plugs his laptop  and  joins
+the  internet without changing nothing of his network parameters.
+Here comes this tool installed in my real gw(192.168.0.254)  It's
+a  sort  of sniffer, because it sniffs broadcast ARP requests for
+the gateway and answers that the gateway is itself In our example
+our  customer's  laptop  sends  this request: arp who-has 10.0.0.1
+tell 10.0.0.2 Now our gateway does the following: 1)  Sends  back
+this  reply to 10.0.0.2: arp reply 10.0.0.1 is-at his_mac_address
+2)Create the alias 10.0.0.254 (ARP is not routable so we need one
+alias  for each subnet that is not our one) 3)Sends itself an ARP
+reply to refresh his ARP cache
+It is different from proxy arp for two reasons: first it runs  in
+user  space,  then in this case we can plug machines belonging to
+whatever subnet, while proxy arp is used in the case of only  two
+different ones.