ports/90372: New port: security/fiked - a fake IKE PSK+XAUTH daemon

Tue Dec 13 23:40:14 UTC 2005

>Number:         90372
>Category:       ports
>Synopsis:       New port: security/fiked - a fake IKE PSK+XAUTH daemon
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 13 23:40:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Daniel Roethlisberger
>Release:        FreeBSD 5.4-RELEASE-p6 i386
>Organization:
>Environment:
System: FreeBSD marvin.roe 5.4-RELEASE-p6 FreeBSD 5.4-RELEASE-p6 #5: Mon Nov 7 13:20:09 CET 2005 root at marvin.roe:/usr/obj/usr/src/sys/IBMTPX40 i386
>Description:
This is a fake IKE daemon supporting just enough of the standards and
Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN
setups.

Basically, if you know the pre-shared key, also known as shared secret
or group password, you can impersonate the VPN gateway in IKE phase 1,
and learn XAUTH user credentials in phase 2.
>How-To-Repeat:
>Fix:
--- fiked-0.0.2.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	fiked
#	fiked/Makefile
#	fiked/pkg-descr
#	fiked/distinfo
#
echo c - fiked
mkdir -p fiked > /dev/null 2>&1
echo x - fiked/Makefile
sed 's/^X//' >fiked/Makefile << 'END-of-fiked/Makefile'
X# New ports collection makefile for:	fiked
X# Date created:		2005-12-07
X# Whom:			Daniel Roethlisberger <daniel at roe.ch>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	fiked
XPORTVERSION=	0.0.2
XCATEGORIES=	security
XMASTER_SITES=	http://dragon.roe.ch/bitsnpieces/fiked/
X
XMAINTAINER=	daniel at roe.ch
XCOMMENT=	A fake IKE PSK+XAUTH daemon based on vpnc
X
XLIB_DEPENDS=	gcrypt.13:${PORTSDIR}/security/libgcrypt
XBUILD_DEPENDS=	libnet*>=1.1.2,1:${PORTSDIR}/net/libnet
X
XUSE_BZIP2=	yes
XUSE_GMAKE=	yes
X
XPLIST_FILES=	bin/fiked
XMAN1=		fiked.1
XPORTDOCS=	README
X
Xpost-patch:
X	${LN} -s GNUmakefile ${WRKSRC}/Makefile
X
Xdo-install:
X	${INSTALL_PROGRAM} ${WRKSRC}/fiked ${PREFIX}/bin
X	${INSTALL_MAN} ${WRKSRC}/fiked.1 ${PREFIX}/man/man1/
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X
X.include <bsd.port.mk>
END-of-fiked/Makefile
echo x - fiked/pkg-descr
sed 's/^X//' >fiked/pkg-descr << 'END-of-fiked/pkg-descr'
XThis is a fake IKE daemon supporting just enough of the standards and
XCisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN
Xsetups.
X
XBasically, if you know the pre-shared key, also known as shared secret
Xor group password, you can impersonate the VPN gateway in IKE phase 1,
Xand learn XAUTH user credentials in phase 2.
X
XAuthor: Daniel Roethlisberger <daniel at roe.ch>
XWWW: http://www.roe.ch/FakeIKEd
END-of-fiked/pkg-descr
echo x - fiked/distinfo
sed 's/^X//' >fiked/distinfo << 'END-of-fiked/distinfo'
XMD5 (fiked-0.0.2.tar.bz2) = d686f04ddd6da2826e8d2b1a3a7e4177
XSHA256 (fiked-0.0.2.tar.bz2) = ba76c76b0f790434873a7d70f27b796335eaea139d4eac08c1fac01c6c5efe92
XSIZE (fiked-0.0.2.tar.bz2) = 107751
END-of-fiked/distinfo
exit
--- fiked-0.0.2.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: