Siphon-0.666 is a passive OS fingerprinter, which sniffs TCP connections

and uses characteristics of the TCP stream to guess the OS running on
the endpoints.

7 files changed, 72 insertions, 0 deletions

diff --git a/security/siphon/Makefile b/security/siphon/Makefile
new file mode 100644
index 0000000..3eb531e
--- /dev/null
+++ b/security/siphon/Makefile
@@ -0,0 +1,25 @@
+# Ports collection makefile for:  siphon
+# Date created:			  6 May 2000
+# Whom:				  Kris Kennaway <kris@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	siphon
+PORTVERSION=	0.666
+CATEGORIES=	security net
+MASTER_SITES=	http://www.subterrain.net/projects/siphon/
+DISTFILES=	siphon-v.666.tar.gz siphon-report.pl
+EXTRACT_ONLY=	siphon-v.666.tar.gz
+
+MAINTAINER=	kris@FreeBSD.org
+
+WRKSRC=		${WRKDIR}/siphon-v.666
+
+do-install:
+	${MKDIR} ${PREFIX}/share/siphon
+	${INSTALL_PROGRAM} ${WRKSRC}/siphon ${PREFIX}/bin
+	${INSTALL_SCRIPT} ${DISTDIR}/siphon-report.pl ${PREFIX}/bin/siphon-report
+	${INSTALL_DATA} ${WRKSRC}/osprints.conf ${PREFIX}/share/siphon
+
+.include <bsd.port.mk>
diff --git a/security/siphon/distinfo b/security/siphon/distinfo
new file mode 100644
index 0000000..d94906b
--- /dev/null
+++ b/security/siphon/distinfo
@@ -0,0 +1,2 @@
+MD5 (siphon-v.666.tar.gz) = 064c63e738235626aeb7820241ce478b
+MD5 (siphon-report.pl) = 43789c823c6c5541bc90c8dc1e43c0ae
diff --git a/security/siphon/files/patch-aa b/security/siphon/files/patch-aa
new file mode 100644
index 0000000..e2a402d
--- /dev/null
+++ b/security/siphon/files/patch-aa
@@ -0,0 +1,11 @@
+--- log.c.orig	Thu May  4 12:00:00 2000
++++ log.c	Sat May  6 15:32:36 2000
+@@ -137,7 +137,7 @@
+   FILE *osprints;
+   static char line[80], *oswin, *osttl, *osdf, *os, hexed[10];
+   static int check = 0;
+-  osprints = fopen("osprints.conf","r");
++  osprints = fopen(OSPRINTSCONF,"r");
+ 
+   if(!osprints) {
+     perror("Unable to find osprints.conf\n");
diff --git a/security/siphon/files/patch-ab b/security/siphon/files/patch-ab
new file mode 100644
index 0000000..b51000e
--- /dev/null
+++ b/security/siphon/files/patch-ab
@@ -0,0 +1,21 @@
+--- Makefile.orig	Thu May  4 11:10:24 2000
++++ Makefile	Sat May  6 15:37:22 2000
+@@ -1,6 +1,7 @@
+-CC = gcc
++CC ?= gcc
+ CCFLAGS = -Wall -pthread -ggdb
+-CFLAGS = -Wall -O2 -pthread -ggdb -I. 
++CFLAGS ?= -O
++CFLAGS += -Wall -pthread -I. -DOSPRINTSCONF=\"${PREFIX}/share/siphon/osprints.conf\"
+ LIBS = -lpcap
+ OBJS = parse.o sniff.o main.o log.o
+ SRCS = ${OBJS:.o=.c}
+@@ -9,7 +10,7 @@
+ all: $(TARGET)
+ 
+ $(TARGET): $(OBJS)
+-	$(CC) $(CCFLAGS) -o $(TARGET) $(OBJS) $(LIBS)
++	$(CC) $(CFLAGS) -o $(TARGET) $(OBJS) $(LIBS)
+ 
+ clean:
+ 	rm -f $(OBJS) *~ *.core core siphon
diff --git a/security/siphon/pkg-comment b/security/siphon/pkg-comment
new file mode 100644
index 0000000..744af7d
--- /dev/null
+++ b/security/siphon/pkg-comment
@@ -0,0 +1 @@
+Passive host OS identifier using characteristics of sniffed traffic
diff --git a/security/siphon/pkg-descr b/security/siphon/pkg-descr
new file mode 100644
index 0000000..6a14df3
--- /dev/null
+++ b/security/siphon/pkg-descr
@@ -0,0 +1,8 @@
+Siphon is a passive OS fingerprinter which sniffs network traffic passing
+the local machine and uses characteristics of the TCP stream to identify
+the operating system running on the endpoints.
+
+In contrast to active fingerprinters like nmap and queso, no additional
+connections need to be made to the target system in order to fingerprint it.
+
+WWW: http://www.subterrain.net/projects/siphon/
diff --git a/security/siphon/pkg-plist b/security/siphon/pkg-plist
new file mode 100644
index 0000000..6e895de
--- /dev/null
+++ b/security/siphon/pkg-plist
@@ -0,0 +1,4 @@
+bin/siphon
+bin/siphon-report
+share/siphon/osprints.conf
+@dirrm share/siphon