arpCounterattack is a program for detecting and remedying "ARP attacks." It monitors traffic on any number of Ethernet interfaces and examines ARP replies and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP request that is in conflict with its notion of "correct" Ethernet/IP address pairs, it logs the attack if logging is enabled, and, if the Ethernet interface that the attack was seen on is is configured as being in aggressive mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables of hosts on the local network segment. The corrective gratuitous ARP request and corrective gratuitous ARP reply can be sent from an Ethernet interface other than the one that the attack was seen on. WWW: http://acm.poly.edu/wiki/ARP_Counterattack Fix: Patch attached with submission follows:
Hi. It's been a couple of months since I've submitted this, so this is just me making sure this port isn't being neglected because there is something undesirable about it. If there is, I'd be happy to fix it. Thanks.
Due to the length of time since the original submission two changes should be made. 1) The check for OSVERSION < 7000 is not needed 2) MD5 is no longer used in distinfo attached is an updated shar with those two changes -- Eitan Adler
Responsible Changed From-To: freebsd-ports-bugs->skreuzer I'll take it.
skreuzer 2011-04-27 17:42:00 UTC FreeBSD ports repository Modified files: security Makefile Added files: security/arpCounterattack Makefile distinfo pkg-descr pkg-plist security/arpCounterattack/files arpCounterattack.in pkg-message.in Log: arpCounterattack is a program for detecting and remedying "ARP attacks." It monitors traffic on any number of Ethernet interfaces and examines ARP replies and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP request that is in conflict with its notion of "correct" Ethernet/IP address pairs, it logs the attack if logging is enabled, and, if the Ethernet interface that the attack was seen on is is configured as being in aggressive mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables of hosts on the local network segment. The corrective gratuitous ARP request and corrective gratuitous ARP reply can be sent from an Ethernet interface other than the one that the attack was seen on. WWW: http://acm.poly.edu/wiki/ARP_Counterattack PR: ports/151973 Submitted by: Boris Kochergin <spawk@acm.poly.edu> Revision Changes Path 1.1166 +1 -0 ports/security/Makefile 1.1 +32 -0 ports/security/arpCounterattack/Makefile (new) 1.1 +2 -0 ports/security/arpCounterattack/distinfo (new) 1.1 +44 -0 ports/security/arpCounterattack/files/arpCounterattack.in (new) 1.1 +11 -0 ports/security/arpCounterattack/files/pkg-message.in (new) 1.1 +15 -0 ports/security/arpCounterattack/pkg-descr (new) 1.1 +6 -0 ports/security/arpCounterattack/pkg-plist (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed New port added. Thanks!
Doesn't build when net/libpcap is installed When port library PCAP is installed, it seems it tries to prefer port version over base system, but if fails to link correctly with port library pcap. To avoid useless dependency, please force link with base system PCAP library even when port PCAP is installed or set up a radio button to let the user choose the library to link on (infortunately I can't get rid of port PCAP, as it expressively required by /net/daq a dependency of security/snort)