aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/Makefile1
-rw-r--r--security/arpCounterattack/Makefile32
-rw-r--r--security/arpCounterattack/distinfo2
-rw-r--r--security/arpCounterattack/files/arpCounterattack.in44
-rw-r--r--security/arpCounterattack/files/pkg-message.in11
-rw-r--r--security/arpCounterattack/pkg-descr15
-rw-r--r--security/arpCounterattack/pkg-plist6
7 files changed, 111 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 26ef7c1c0ad4..d7e897a7c9d1 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -24,6 +24,7 @@
SUBDIR += apache-xml-security-c
SUBDIR += apg
SUBDIR += arirang
+ SUBDIR += arpCounterattack
SUBDIR += authforce
SUBDIR += autossh
SUBDIR += avcheck
diff --git a/security/arpCounterattack/Makefile b/security/arpCounterattack/Makefile
new file mode 100644
index 000000000000..bb19119d2613
--- /dev/null
+++ b/security/arpCounterattack/Makefile
@@ -0,0 +1,32 @@
+# New ports collection makefile for: arpCounterattack
+# Date created: 05 November 2010
+# Whom: Boris Kochergin <spawk@acm.poly.edu>
+# $FreeBSD$
+#
+
+PORTNAME= arpCounterattack
+PORTVERSION= 1.2.0
+CATEGORIES= security
+MASTER_SITES= http://isis.poly.edu/~bk/${PORTNAME}/ \
+ http://bk.macroblock.net/${PORTNAME}/
+EXTRACT_SUFX= .tbz
+
+MAINTAINER= spawk@acm.poly.edu
+COMMENT= Detects and remedies ARP attacks
+
+LIB_DEPENDS= dnet.1:${PORTSDIR}/net/libdnet
+
+SUB_FILES= pkg-message
+
+USE_RC_SUBR= ${PORTNAME}
+
+.include <bsd.port.pre.mk>
+
+post-install:
+ @if [ ! -f ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf.sample \
+ ${PREFIX}/etc/${PORTNAME}/${PORTNAME}.conf ; \
+ fi
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/arpCounterattack/distinfo b/security/arpCounterattack/distinfo
new file mode 100644
index 000000000000..37d5bf3d58d1
--- /dev/null
+++ b/security/arpCounterattack/distinfo
@@ -0,0 +1,2 @@
+SHA256 (arpCounterattack-1.2.0.tbz) = 28cb61cb799871bbb10057fddbd7a445f10b27725eca088f370eeff157f88f3d
+SIZE (arpCounterattack-1.2.0.tbz) = 507939
diff --git a/security/arpCounterattack/files/arpCounterattack.in b/security/arpCounterattack/files/arpCounterattack.in
new file mode 100644
index 000000000000..6594649d5b21
--- /dev/null
+++ b/security/arpCounterattack/files/arpCounterattack.in
@@ -0,0 +1,44 @@
+#!/bin/sh
+# $FreeBSD
+
+# PROVIDE: arpcounterattack
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Define these arpcounterattack_* variables in one of these files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/arpcounterattack
+#
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
+#
+arpcounterattack_enable="${arpcounterattack_enable-NO}"
+arpcounterattack_pidfile="/var/run/arpCounterattack.pid"
+
+. /etc/rc.subr
+
+name="arpcounterattack"
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/arpCounterattack"
+
+load_rc_config $name
+
+: ${arpcounterattack_config="%%PREFIX%%/etc/arpCounterattack/arpCounterattack.conf"}
+: ${arpcounterattack_flags="-c ${arpcounterattack_config}"}
+
+pidfile="${arpcounterattack_pidfile}"
+required_files="${arpcounterattack_config}"
+
+case "${arpcounterattack_flags}" in
+*-p\ *)
+ echo "ERROR: \$arpcounterattack_flags includes -p option." \
+ "Please use \$arpcounterattack_pidfile instead."
+ exit 1
+ ;;
+*)
+ arpcounterattack_flags="-p ${pidfile} ${arpcounterattack_flags}"
+ ;;
+esac
+
+run_rc_command "$1"
diff --git a/security/arpCounterattack/files/pkg-message.in b/security/arpCounterattack/files/pkg-message.in
new file mode 100644
index 000000000000..1c44db265d5a
--- /dev/null
+++ b/security/arpCounterattack/files/pkg-message.in
@@ -0,0 +1,11 @@
+
+Before starting arpCounterattack, you should edit its configuration file,
+%%PREFIX%%/etc/arpCounterattack/arpCounterattack.conf. Then, add the following
+line to /etc/rc.conf:
+
+arpcounterattack_enable="YES"
+
+Finally, to start it, run the following command:
+
+%%PREFIX%%/etc/rc.d/arpCounterattack start
+
diff --git a/security/arpCounterattack/pkg-descr b/security/arpCounterattack/pkg-descr
new file mode 100644
index 000000000000..7252ac7db14e
--- /dev/null
+++ b/security/arpCounterattack/pkg-descr
@@ -0,0 +1,15 @@
+arpCounterattack is a program for detecting and remedying "ARP attacks." It
+monitors traffic on any number of Ethernet interfaces and examines ARP replies
+and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP
+request that is in conflict with its notion of "correct" Ethernet/IP address
+pairs, it logs the attack if logging is enabled, and, if the Ethernet
+interface that the attack was seen on is is configured as being in aggressive
+mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with
+the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables
+of hosts on the local network segment. The corrective gratuitous ARP request
+and corrective gratuitous ARP reply can be sent from an Ethernet interface
+other than the one that the attack was seen on.
+
+WWW: http://acm.poly.edu/wiki/ARP_Counterattack
+
+-Boris Kochergin <spawk@acm.poly.edu>
diff --git a/security/arpCounterattack/pkg-plist b/security/arpCounterattack/pkg-plist
new file mode 100644
index 000000000000..a37a292e0168
--- /dev/null
+++ b/security/arpCounterattack/pkg-plist
@@ -0,0 +1,6 @@
+sbin/arpCounterattack
+@unexec if cmp -s %D/etc/arpCounterattack/arpCounterattack.conf.sample %D/etc/arpCounterattack/arpCounterattack.conf; then rm -f %D/etc/arpCounterattack/arpCounterattack.conf; fi
+etc/arpCounterattack/arpCounterattack.conf.sample
+@exec if [ ! -f %D/etc/arpCounterattack/arpCounterattack.conf ] ; then cp -p %D/%F %B/arpCounterattack.conf; fi
+etc/arpCounterattack/oui.txt
+@dirrmtry etc/arpCounterattack