From bad0268e82e77f4b6aee275867b5e47d5c6c9db2 Mon Sep 17 00:00:00 2001
From: Kris Kennaway <kris@FreeBSD.org>
Date: Sun, 3 Sep 2000 01:54:26 +0000
Subject: despoof 0.9 is a utility for comparing the TTL of a received packet
 which is considered "suspicious" with the actual TTL of a test packet sent to
 that host, to try and detect packet spoofing. It is intended to be used as
 part of an IDS system.

---
 net/despoof/files/patch-ab | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 net/despoof/files/patch-ab

(limited to 'net/despoof/files/patch-ab')

diff --git a/net/despoof/files/patch-ab b/net/despoof/files/patch-ab
new file mode 100644
index 000000000000..fde6ceb4a075
--- /dev/null
+++ b/net/despoof/files/patch-ab
@@ -0,0 +1,11 @@
+--- despoof.c.orig	Sat Sep  2 18:34:37 2000
++++ despoof.c	Sat Sep  2 18:34:45 2000
+@@ -150,7 +150,7 @@
+ 
+   if (targetaddr == ip->ip_src.s_addr) 
+   {
+-    if (((inquery == 1) && (icmp->icmp_type == ICMP_ECHOREPLY)) || ((inquery == 2) && (icmp->icmp_type == ICMP_TIMESTAMPREPLY)) || ((inquery == 3) && (sport == ntohs(tcphdr->th_dport))))
++    if (((inquery == 1) && (icmp->icmp_type == ICMP_ECHOREPLY)) || ((inquery == 2) && (icmp->icmp_type == ICMP_TSTAMPREPLY)) || ((inquery == 3) && (sport == ntohs(tcphdr->th_dport))))
+     {
+       if (ttlval == ip->ip_ttl)
+       {
-- 
cgit v1.2.3