-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/arpCounterattack/Makefile | 32 | ||||
-rw-r--r-- | security/arpCounterattack/distinfo | 2 | ||||
-rw-r--r-- | security/arpCounterattack/files/arpCounterattack.in | 44 | ||||
-rw-r--r-- | security/arpCounterattack/files/pkg-message.in | 11 | ||||
-rw-r--r-- | security/arpCounterattack/pkg-descr | 15 | ||||
-rw-r--r-- | security/arpCounterattack/pkg-plist | 6 |
7 files changed, 111 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 26ef7c1c0ad4..d7e897a7c9d1 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -24,6 +24,7 @@
 SUBDIR += apache-xml-security-c
 SUBDIR += apg
 SUBDIR += arirang
+ SUBDIR += arpCounterattack
 SUBDIR += authforce
 SUBDIR += autossh
 SUBDIR += avcheck
diff --git a/security/arpCounterattack/Makefile b/security/arpCounterattack/Makefile
new file mode 100644
index 000000000000..bb19119d2613
--- /dev/null
+++ b/security/arpCounterattack/Makefile
@@ -0,0 +1,32 @@
+# New ports collection makefile for: arpCounterattack
+# Date created: 05 November 2010
+# Whom: Boris Kochergin <spawk@acm.poly.edu>
+# $FreeBSD$
+#
+
+PORTNAME= arpCounterattack
+PORTVERSION= 1.2.0
+CATEGORIES= security
+MASTER_SITES= http://isis.poly.edu/~bk/${PORTNAME}/ \
+ http://bk.macroblock.net/${PORTNAME}/
+EXTRACT_SUFX= .tbz
+
+MAINTAINER= spawk@acm.poly.edu
+COMMENT= Detects and remedies ARP attacks
+
+LIB_DEPENDS= dnet.1:${PORTSDIR}/net/libdnet
+
+SUB_FILES= pkg-message
+
+USE_RC_SUBR= ${PORTNAME}
+
+.include <bsd.port.pre.mk>
+
+post-install:
+ @if [ ! -f ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf.sample \
+ ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf ; \
+ fi
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/arpCounterattack/distinfo b/security/arpCounterattack/distinfo
new file mode 100644
index 000000000000..37d5bf3d58d1
--- /dev/null
+++ b/security/arpCounterattack/distinfo
@@ -0,0 +1,2 @@
+SHA256 (arpCounterattack-1.2.0.tbz) = 28cb61cb799871bbb10057fddbd7a445f10b27725eca088f370eeff157f88f3d
+SIZE (arpCounterattack-1.2.0.tbz) = 507939
diff --git a/security/arpCounterattack/files/arpCounterattack.in b/security/arpCounterattack/files/arpCounterattack.in
new file mode 100644
index 000000000000..6594649d5b21
--- /dev/null
+++ b/security/arpCounterattack/files/arpCounterattack.in
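Review bot: In security/arpCounterattack/Makefile the `.include <bsd.port.pre.mk>` / `.include <bsd.port.post.mk>` pair is not needed, because nothing between the two includes tests a variable that pre.mk defines; the only content there is the `post-install` target, whose variables are expanded when the recipe runs. A single `.include <bsd.port.mk>` at the end of the file is the simpler form. Separately, both `MASTER_SITES` entries are plain `http://`, so the SHA256 recorded in distinfo is the only integrity check on the fetched tarball; a one-line comment above `MASTER_SITES`, for example `# fetched over plain HTTP; integrity rests on distinfo`, would remind whoever updates the port to confirm a new hash against a trusted copy.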
@@ -0,0 +1,44 @@
+#!/bin/sh
+# $FreeBSD
+
+# PROVIDE: arpcounterattack
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Define these arpcounterattack_* variables in one of these files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/arpcounterattack
+#
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
+#
+arpcounterattack_enable="${arpcounterattack_enable-NO}"
+arpcounterattack_pidfile="/var/run/arpCounterattack.pid"
+
+. /etc/rc.subr
+
+name="arpcounterattack"
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/arpCounterattack"
+
+load_rc_config $name
+
+: ${arpcounterattack_config="%%PREFIX%%/etc/arpCounterattack/arpCounterattack.conf"}
+: ${arpcounterattack_flags="-c ${arpcounterattack_config}"}
+
+pidfile="${arpcounterattack_pidfile}"
+required_files="${arpcounterattack_config}"
+
+case "${arpcounterattack_flags}" in
+*-p\ *)
+ echo "ERROR: \$arpcounterattack_flags includes -p option." \
+ "Please use \$arpcounterattack_pidfile instead."
+ exit 1
+ ;;
+*)
+ arpcounterattack_flags="-p ${pidfile} ${arpcounterattack_flags}"
+ ;;
+esac
+
+run_rc_command "$1"
diff --git a/security/arpCounterattack/files/pkg-message.in b/security/arpCounterattack/files/pkg-message.in
new file mode 100644
index 000000000000..1c44db265d5a
--- /dev/null
+++ b/security/arpCounterattack/files/pkg-message.in
@@ -0,0 +1,11 @@
+
+Before starting arpCounterattack, you should edit its configuration file,
+%%PREFIX%%/etc/arpCounterattack/arpCounterattack.conf. Then, add the following
+line to /etc/rc.conf:
+
+arpcounterattack_enable="YES"
+
+Finally, to start it, run the following command:
+
+%%PREFIX%%/etc/rc.d/arpCounterattack start
+
diff --git a/security/arpCounterattack/pkg-descr b/security/arpCounterattack/pkg-descr
new file mode 100644
index 000000000000..7252ac7db14e
--- /dev/null
+++ b/security/arpCounterattack/pkg-descr
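Review bot: The second line of files/arpCounterattack.in reads `# $FreeBSD`, which lacks the closing `$`, so the repository's keyword substitution would not expand it; it should be `# $FreeBSD$`. The `case` pattern `*-p\ *)` matches the characters `-p` followed by a space anywhere in `$arpcounterattack_flags`, so it would also reject a flags string in which some other argument merely ends in `-p`. A comment above the `case`, such as `# crude substring test: rejects any "-p " in the flags, not only the pidfile option`, would make that limitation visible to the administrator who hits the error.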
@@ -0,0 +1,15 @@
+arpCounterattack is a program for detecting and remedying "ARP attacks." It
+monitors traffic on any number of Ethernet interfaces and examines ARP replies
+and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP
+request that is in conflict with its notion of "correct" Ethernet/IP address
+pairs, it logs the attack if logging is enabled, and, if the Ethernet
+interface that the attack was seen on is is configured as being in aggressive
+mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with
+the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables
+of hosts on the local network segment. The corrective gratuitous ARP request
+and corrective gratuitous ARP reply can be sent from an Ethernet interface
+other than the one that the attack was seen on.
+
+WWW: http://acm.poly.edu/wiki/ARP_Counterattack
+
+-Boris Kochergin <spawk@acm.poly.edu>
diff --git a/security/arpCounterattack/pkg-plist b/security/arpCounterattack/pkg-plist
new file mode 100644
index 000000000000..a37a292e0168
--- /dev/null
+++ b/security/arpCounterattack/pkg-plist
@@ -0,0 +1,6 @@
+sbin/arpCounterattack
+@unexec if cmp -s %D/etc/arpCounterattack/arpCounterattack.conf.sample %D/etc/arpCounterattack/arpCounterattack.conf; then rm -f %D/etc/arpCounterattack/arpCounterattack.conf; fi
+etc/arpCounterattack/arpCounterattack.conf.sample
+@exec if [ ! -f %D/etc/arpCounterattack/arpCounterattack.conf ] ; then cp -p %D/%F %B/arpCounterattack.conf; fi
+etc/arpCounterattack/oui.txt
+@dirrmtry etc/arpCounterattack |