
despoof 0.9 is a utility for comparing the TTL of a received packet which

is considered "suspicious" with the actual TTL of a test packet sent to
that host, to try and detect packet spoofing. It is intended to be used
as part of an IDS system.
Kris Kennaway 2000-09-03 01:54:26 +00:00
parent 6d501683c5
commit bad0268e82
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=32219
8 changed files with 64 additions and 0 deletions


@ -46,6 +46,7 @@
SUBDIR += datapipe
SUBDIR += ddup
SUBDIR += delegate
SUBDIR += despoof
SUBDIR += dgd
SUBDIR += dgd-lpmud
SUBDIR += dgd-net

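--- /dev/null
+++ b/net/despoof/Makefile
@@ -0,0 +1,23 @@
+# New ports collection makefile for: despoof
+# Date created: 02 September 2000
+# Whom: Kris Kennaway <kris@FreeBSD.org>
+#
+# $FreeBSD$
+#
+PORTNAME= despoof
+PORTVERSION= 0.9
+CATEGORIES= net security
+MASTER_SITES= http://razor.bindview.com/tools/files/
+EXTRACT_SUFX= .tgz
+MAINTAINER= kris@FreeBSD.org
+BUILD_DEPENDS= ${LOCALBASE}/lib/libnet.a:${PORTSDIR}/net/libnet
+do-install:
+${INSTALL_PROGRAM} ${WRKSRC}/despoof ${PREFIX}/bin
+${MKDIR} ${PREFIX}/share/doc/despoof
+${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/despoof
+.include <bsd.port.mk>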
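Review bot: The distfile is fetched over plain HTTP (`MASTER_SITES= http://razor.bindview.com/tools/files/`) and the only integrity record this commit adds for it is a single MD5 line in distinfo, which is not collision-resistant and so gives weak assurance that the tarball built later is the one the maintainer reviewed. Where the ports framework in use supports it, distinfo should also carry a stronger digest and the size, e.g. `SHA256 (despoof-0.9.tgz) = <sha256 of the verified tarball>` and `SIZE (despoof-0.9.tgz) = <size in bytes>` (placeholders; compute them from a copy verified out of band). This matters more than usual here because the resulting binary is meant to run inside an IDS, presumably with the privileges needed for packet capture.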

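--- /dev/null
+++ b/net/despoof/distinfo
@@ -0,0 +1 @@
+MD5 (despoof-0.9.tgz) = 07f2ba923e414e86b0a7dd6aee21d5b6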


@ -0,0 +1,17 @@
--- Makefile.orig Sat Sep 2 18:33:10 2000
+++ Makefile Sat Sep 2 18:35:05 2000
@@ -1,10 +1,10 @@
# despoof makefile
#
-CC=gcc
-CFLAGS=-O3
+CC?=gcc
+CFLAGS?=-O
PROG=despoof
-DEFS=`libnet-config --defines`
-LIBS=-lnet -lpcap
+DEFS=-I${LOCALBASE}/include `libnet-config --defines`
+LIBS=-L${LOCALBASE}/lib -lnet -lpcap
default: all
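Review bot: `DEFS` still invokes `libnet-config` by bare name, so the defines are taken from whichever copy is first on the build user's PATH, while the include and library paths added on the neighbouring lines are pinned to `${LOCALBASE}`. Calling it by full path keeps all three consistent with the libnet that BUILD_DEPENDS installs: ``DEFS=-I${LOCALBASE}/include `${LOCALBASE}/bin/libnet-config --defines` `` (this assumes the libnet port installs the script under `${LOCALBASE}/bin`; confirm against its pkg-plist). The upstream Makefile continues past the hunk, so how `DEFS` and `LIBS` are consumed is not visible here.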


@ -0,0 +1,11 @@
--- despoof.c.orig Sat Sep 2 18:34:37 2000
+++ despoof.c Sat Sep 2 18:34:45 2000
@@ -150,7 +150,7 @@
if (targetaddr == ip->ip_src.s_addr)
{
- if (((inquery == 1) && (icmp->icmp_type == ICMP_ECHOREPLY)) || ((inquery == 2) && (icmp->icmp_type == ICMP_TIMESTAMPREPLY)) || ((inquery == 3) && (sport == ntohs(tcphdr->th_dport))))
+ if (((inquery == 1) && (icmp->icmp_type == ICMP_ECHOREPLY)) || ((inquery == 2) && (icmp->icmp_type == ICMP_TSTAMPREPLY)) || ((inquery == 3) && (sport == ntohs(tcphdr->th_dport))))
{
if (ttlval == ip->ip_ttl)
{
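Review bot: Replacing `ICMP_TIMESTAMPREPLY` in place makes this line build only where the BSD spelling exists, so the patch cannot be sent upstream as is; a compatibility define near the includes would leave the condition untouched and work with both families of headers: `#ifndef ICMP_TIMESTAMPREPLY`, `#define ICMP_TIMESTAMPREPLY ICMP_TSTAMPREPLY`, `#endif`. The condition is also a single very long line mixing three probe types; a short comment stating that `inquery` values 1, 2 and 3 select the echo, timestamp and TCP branches would help readers (mapping inferred from the visible comparisons only). The enclosing function starts and ends outside the hunk.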

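--- /dev/null
+++ b/net/despoof/pkg-comment
@@ -0,0 +1 @@
+Command-line anti-spoofing detection utility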

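--- /dev/null
+++ b/net/despoof/pkg-descr
@@ -0,0 +1,7 @@
+A command-line anti-spoofing detection utility. The idea is simple --
+if you receive a packet that you suspect is spoofed, try to determine
+the real TTL of the packet and compare it to the TTL of the packet you
+received. This is intended to be used as a component of an IDS
+toolkit.
+WWW: http://razor.bindview.com/tools/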

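--- /dev/null
+++ b/net/despoof/pkg-plist
@@ -0,0 +1,3 @@
+bin/despoof
+share/doc/despoof/README
+@dirrm share/doc/despoof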