From d82da7677e7790237f8961b31676d9407a112792 Mon Sep 17 00:00:00 2001
From: ahze <ahze@FreeBSD.org>
Date: Wed, 15 Jun 2005 06:57:10 +0000
Subject: - Add sasp This is a tool that uses ARP poisoning  to  have  a 
 scenario like this: we have a LAN and we want offer connectivity to every-
 one coming here with his laptop for example. It could happen that our 
 customer  has  his  network parameters already configured to work correctly
 in his own LAN, but not working here. We can  have then this scenario:
 Customer's  host (10.0.0.2/8 and default gateway set to 10.0.0.1) Our LAN
 (192.168.0.0/24 with real gateway 192.168.0.254). All that we want is that
 our customer plugs his laptop  and  joins the  internet without changing
 nothing of his network parameters. Here comes this tool installed in my real
 gw(192.168.0.254)  It's a  sort  of sniffer, because it sniffs broadcast ARP
 requests for the gateway and answers that the gateway is itself In our
 example our  customer's  laptop  sends  this request: arp who-has 10.0.0.1
 tell 10.0.0.2 Now our gateway does the following: 1)  Sends  back this  reply
 to 10.0.0.2: arp reply 10.0.0.1 is-at his_mac_address 2)Create the alias
 10.0.0.254 (ARP is not routable so we need one alias  for each subnet that is
 not our one) 3)Sends itself an ARP reply to refresh his ARP cache It is
 different from proxy arp for two reasons: first it runs  in user  space, 
 then in this case we can plug machines belonging to whatever subnet, while
 proxy arp is used in the case of only  two different ones.

PR:		ports/79676
Submitted by:	Luigi Pizzirani <sviat@opengeeks.it>
---
 security/Makefile       |  1 +
 security/sasp/Makefile  | 21 +++++++++++++++++++++
 security/sasp/distinfo  |  2 ++
 security/sasp/pkg-descr | 23 +++++++++++++++++++++++
 4 files changed, 47 insertions(+)
 create mode 100644 security/sasp/Makefile
 create mode 100644 security/sasp/distinfo
 create mode 100644 security/sasp/pkg-descr

(limited to 'security')

diff --git a/security/Makefile b/security/Makefile
index 034834a1dcc..2d2960f2f5f 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -450,6 +450,7 @@
     SUBDIR += samba-vscan
     SUBDIR += samhain
     SUBDIR += sancp
+    SUBDIR += sasp
     SUBDIR += scanlogd
     SUBDIR += scanssh
     SUBDIR += seahorse
diff --git a/security/sasp/Makefile b/security/sasp/Makefile
new file mode 100644
index 00000000000..343815f95b2
--- /dev/null
+++ b/security/sasp/Makefile
@@ -0,0 +1,21 @@
+# New ports collection makefile for:    sasp
+# Date created:        2 September 2004
+# Whom:                sviat
+#
+# $FreeBSD$
+#
+
+PORTNAME=	sasp
+PORTVERSION=	0.1
+CATEGORIES=	security
+MASTER_SITES=	http://sviat.opengeeks.it/codes/sasp/
+
+MAINTAINER=	sviat@OpenGEEKS.it
+COMMENT=	A tool that permits to use a gateway whatever IP we have
+
+BUILD_DEPENDS=	 ${LOCALBASE}/include/libnet/libnet-types.h:${PORTSDIR}/net/libnet-devel
+
+NO_WRKSUBDIR=	yes
+PLIST_FILES=	sbin/sasp
+
+.include <bsd.port.mk>
diff --git a/security/sasp/distinfo b/security/sasp/distinfo
new file mode 100644
index 00000000000..84f43f2249c
--- /dev/null
+++ b/security/sasp/distinfo
@@ -0,0 +1,2 @@
+MD5 (sasp-0.1.tar.gz) = 01cdaf87a0ac27bc5d52a01e4e858c78
+SIZE (sasp-0.1.tar.gz) = 3709
diff --git a/security/sasp/pkg-descr b/security/sasp/pkg-descr
new file mode 100644
index 00000000000..4e8190943d1
--- /dev/null
+++ b/security/sasp/pkg-descr
@@ -0,0 +1,23 @@
+This is a tool that uses ARP poisoning  to  have  a  scenario
+like this: we have a LAN and we want offer connectivity to every-
+one coming here with his laptop for example. It could happen that
+our  customer  has  his  network parameters already configured to
+work correctly in his own LAN, but not working here. We can  have
+then this scenario:
+Customer's  host (10.0.0.2/8 and default gateway set to 10.0.0.1)
+Our LAN (192.168.0.0/24 with real gateway 192.168.0.254).
+All that we want is that our customer plugs his laptop  and  joins
+the  internet without changing nothing of his network parameters.
+Here comes this tool installed in my real gw(192.168.0.254)  It's
+a  sort  of sniffer, because it sniffs broadcast ARP requests for
+the gateway and answers that the gateway is itself In our example
+our  customer's  laptop  sends  this request: arp who-has 10.0.0.1
+tell 10.0.0.2 Now our gateway does the following: 1)  Sends  back
+this  reply to 10.0.0.2: arp reply 10.0.0.1 is-at his_mac_address
+2)Create the alias 10.0.0.254 (ARP is not routable so we need one
+alias  for each subnet that is not our one) 3)Sends itself an ARP
+reply to refresh his ARP cache
+It is different from proxy arp for two reasons: first it runs  in
+user  space,  then in this case we can plug machines belonging to
+whatever subnet, while proxy arp is used in the case of only  two
+different ones.
-- 
cgit