---
name: arpCounterattack
version: 1.2.0
origin: security/arpCounterattack
comment: Detects and remedies ARP attacks
arch: freebsd:9:x86:64
www: http://acm.poly.edu/wiki/ARP_Counterattack
maintainer: spawk@acm.poly.edu
prefix: /usr/local
licenselogic: single
flatsize: 2364355
desc: |
  arpCounterattack is a program for detecting and remedying "ARP attacks." It
  monitors traffic on any number of Ethernet interfaces and examines ARP replies
  and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP
  request that conflicts with its notion of "correct" Ethernet/IP address
  pairs, it logs the attack if logging is enabled. If the Ethernet interface
  that the attack was seen on is configured as being in aggressive mode, it
  also sends out a gratuitous ARP request and a gratuitous ARP reply with
  the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables
  of hosts on the local network segment. The corrective gratuitous ARP request
  and corrective gratuitous ARP reply can be sent from an Ethernet interface
  other than the one that the attack was seen on.

  WWW: http://acm.poly.edu/wiki/ARP_Counterattack

  -Boris Kochergin <spawk@acm.poly.edu>
deps:
  libdnet: {origin: net/libdnet, version: 1.11_3}
categories: [security]
files:
  /usr/local/etc/arpCounterattack/arpCounterattack.conf.sample: 4a8faea05fddf3a7ab732467e9382eb9291f3a1f27b06f69facfd93d0e9f9b8c
  /usr/local/etc/arpCounterattack/oui.txt: 589d6aebae18325bb07fb739fd9e7e3437003e63327139b5742c578d226d85e8
  /usr/local/etc/rc.d/arpCounterattack: 124c386e04c7120f29d54130d229805b24f66da58be61cdb123aa4a015a1aa05
  /usr/local/sbin/arpCounterattack: 5bf886088532c0018f484e65e545b7c139d11b6ff9b98657eb07cbef75b07e21
directories:
  /usr/local/etc/arpCounterattack/: y
scripts:
  post-install: |
    if [ ! -f /usr/local/etc/arpCounterattack/arpCounterattack.conf ] ; then cp -p /usr/local/etc/arpCounterattack/arpCounterattack.conf.sample /usr/local/etc/arpCounterattack/arpCounterattack.conf; fi
    cd /usr/local
  pre-deinstall: |
    if cmp -s /usr/local/etc/arpCounterattack/arpCounterattack.conf.sample /usr/local/etc/arpCounterattack/arpCounterattack.conf; then rm -f /usr/local/etc/arpCounterattack/arpCounterattack.conf; fi
    cd /usr/local
  post-deinstall: |
    cd /usr/local
message: |2+

  Before starting arpCounterattack, you should edit its configuration file,
  /usr/local/etc/arpCounterattack/arpCounterattack.conf. Then, add the following
  line to /etc/rc.conf:

  arpcounterattack_enable="YES"

  Finally, to start it, run the following command:

  /usr/local/etc/rc.d/arpCounterattack start

