7 files changed, 111 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 26ef7c1c0ad4..d7e897a7c9d1 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -24,6 +24,7 @@
     SUBDIR += apache-xml-security-c
     SUBDIR += apg
     SUBDIR += arirang
+    SUBDIR += arpCounterattack
     SUBDIR += authforce
     SUBDIR += autossh
     SUBDIR += avcheck
diff --git a/security/arpCounterattack/Makefile b/security/arpCounterattack/Makefile
new file mode 100644
index 000000000000..bb19119d2613
--- /dev/null
+++ b/security/arpCounterattack/Makefile
@@ -0,0 +1,32 @@
+# New ports collection makefile for:	arpCounterattack
+# Date created:				05 November 2010
+# Whom:					Boris Kochergin <spawk@acm.poly.edu>
+# $FreeBSD$
+#
+
+PORTNAME=	arpCounterattack
+PORTVERSION=	1.2.0
+CATEGORIES=	security
+MASTER_SITES=	http://isis.poly.edu/~bk/${PORTNAME}/ \
+		http://bk.macroblock.net/${PORTNAME}/
+EXTRACT_SUFX=	.tbz
+
+MAINTAINER=	spawk@acm.poly.edu
+COMMENT=	Detects and remedies ARP attacks
+
+LIB_DEPENDS=	dnet.1:${PORTSDIR}/net/libdnet
+
+SUB_FILES=	pkg-message
+
+USE_RC_SUBR=	${PORTNAME}
+
+.include <bsd.port.pre.mk>
+
+post-install:
+	@if [ ! -f ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf ]; then \
+		${CP} -p ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf.sample \
+		${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf ; \
+	fi
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/arpCounterattack/distinfo b/security/arpCounterattack/distinfo
new file mode 100644
index 000000000000..37d5bf3d58d1
--- /dev/null
+++ b/security/arpCounterattack/distinfo
@@ -0,0 +1,2 @@
+SHA256 (arpCounterattack-1.2.0.tbz) = 28cb61cb799871bbb10057fddbd7a445f10b27725eca088f370eeff157f88f3d
+SIZE (arpCounterattack-1.2.0.tbz) = 507939
diff --git a/security/arpCounterattack/files/arpCounterattack.in b/security/arpCounterattack/files/arpCounterattack.in
new file mode 100644
index 000000000000..6594649d5b21
--- /dev/null
+++ b/security/arpCounterattack/files/arpCounterattack.in
@@ -0,0 +1,44 @@
+#!/bin/sh
+# $FreeBSD
+
+# PROVIDE: arpcounterattack
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Define these arpcounterattack_* variables in one of these files:
+#	/etc/rc.conf
+#	/etc/rc.conf.local
+#	/etc/rc.conf.d/arpcounterattack
+#
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
+#
+arpcounterattack_enable="${arpcounterattack_enable-NO}"
+arpcounterattack_pidfile="/var/run/arpCounterattack.pid"
+
+. /etc/rc.subr
+
+name="arpcounterattack"
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/arpCounterattack"
+
+load_rc_config $name
+
+: ${arpcounterattack_config="%%PREFIX%%/etc/arpCounterattack/arpCounterattack.conf"}
+: ${arpcounterattack_flags="-c ${arpcounterattack_config}"}
+
+pidfile="${arpcounterattack_pidfile}"
+required_files="${arpcounterattack_config}"
+
+case "${arpcounterattack_flags}" in
+*-p\ *)
+	echo "ERROR: \$arpcounterattack_flags includes -p option." \
+		"Please use \$arpcounterattack_pidfile instead."
+	exit 1
+	;;
+*)
+	arpcounterattack_flags="-p ${pidfile} ${arpcounterattack_flags}"
+	;;
+esac
+
+run_rc_command "$1"
diff --git a/security/arpCounterattack/files/pkg-message.in b/security/arpCounterattack/files/pkg-message.in
new file mode 100644
index 000000000000..1c44db265d5a
--- /dev/null
+++ b/security/arpCounterattack/files/pkg-message.in
@@ -0,0 +1,11 @@
+
+Before starting arpCounterattack, you should edit its configuration file,
+%%PREFIX%%/etc/arpCounterattack/arpCounterattack.conf. Then, add the following
+line to /etc/rc.conf:
+
+arpcounterattack_enable="YES"
+
+Finally, to start it, run the following command:
+
+%%PREFIX%%/etc/rc.d/arpCounterattack start
+
diff --git a/security/arpCounterattack/pkg-descr b/security/arpCounterattack/pkg-descr
new file mode 100644
index 000000000000..7252ac7db14e
--- /dev/null
+++ b/security/arpCounterattack/pkg-descr
@@ -0,0 +1,15 @@
+arpCounterattack is a program for detecting and remedying "ARP attacks." It
+monitors traffic on any number of Ethernet interfaces and examines ARP replies
+and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP
+request that is in conflict with its notion of "correct" Ethernet/IP address
+pairs, it logs the attack if logging is enabled, and, if the Ethernet
+interface that the attack was seen on is is configured as being in aggressive
+mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with
+the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables
+of hosts on the local network segment. The corrective gratuitous ARP request
+and corrective gratuitous ARP reply can be sent from an Ethernet interface
+other than the one that the attack was seen on.
+
+WWW: http://acm.poly.edu/wiki/ARP_Counterattack
+
+-Boris Kochergin <spawk@acm.poly.edu>
diff --git a/security/arpCounterattack/pkg-plist b/security/arpCounterattack/pkg-plist
new file mode 100644
index 000000000000..a37a292e0168
--- /dev/null
+++ b/security/arpCounterattack/pkg-plist
@@ -0,0 +1,6 @@
+sbin/arpCounterattack
+@unexec if cmp -s %D/etc/arpCounterattack/arpCounterattack.conf.sample %D/etc/arpCounterattack/arpCounterattack.conf; then rm -f %D/etc/arpCounterattack/arpCounterattack.conf; fi
+etc/arpCounterattack/arpCounterattack.conf.sample
+@exec if [ ! -f %D/etc/arpCounterattack/arpCounterattack.conf ] ; then cp -p %D/%F %B/arpCounterattack.conf; fi
+etc/arpCounterattack/oui.txt
+@dirrmtry etc/arpCounterattack