despoof 0.9 is a utility for comparing the TTL of a received packet which

is considered "suspicious" with the actual TTL of a test packet sent to
that host, to try and detect packet spoofing. It is intended to be used
as part of an IDS system.

2 files changed, 28 insertions, 0 deletions

diff --git a/net/despoof/files/patch-aa b/net/despoof/files/patch-aa
new file mode 100644
index 000000000000..89bfdfbd640f
--- /dev/null
+++ b/net/despoof/files/patch-aa
@@ -0,0 +1,17 @@
+--- Makefile.orig	Sat Sep  2 18:33:10 2000
++++ Makefile	Sat Sep  2 18:35:05 2000
+@@ -1,10 +1,10 @@
+ # despoof makefile
+ #
+-CC=gcc
+-CFLAGS=-O3
++CC?=gcc
++CFLAGS?=-O
+ PROG=despoof
+-DEFS=`libnet-config --defines`
+-LIBS=-lnet -lpcap
++DEFS=-I${LOCALBASE}/include `libnet-config --defines`
++LIBS=-L${LOCALBASE}/lib -lnet -lpcap
+ 
+ default: all
+ 
diff --git a/net/despoof/files/patch-ab b/net/despoof/files/patch-ab
new file mode 100644
index 000000000000..fde6ceb4a075
--- /dev/null
+++ b/net/despoof/files/patch-ab
@@ -0,0 +1,11 @@
+--- despoof.c.orig	Sat Sep  2 18:34:37 2000
++++ despoof.c	Sat Sep  2 18:34:45 2000
+@@ -150,7 +150,7 @@
+ 
+   if (targetaddr == ip->ip_src.s_addr) 
+   {
+-    if (((inquery == 1) && (icmp->icmp_type == ICMP_ECHOREPLY)) || ((inquery == 2) && (icmp->icmp_type == ICMP_TIMESTAMPREPLY)) || ((inquery == 3) && (sport == ntohs(tcphdr->th_dport))))
++    if (((inquery == 1) && (icmp->icmp_type == ICMP_ECHOREPLY)) || ((inquery == 2) && (icmp->icmp_type == ICMP_TSTAMPREPLY)) || ((inquery == 3) && (sport == ntohs(tcphdr->th_dport))))
+     {
+       if (ttlval == ip->ip_ttl)
+       {