blackriver

  1. I'm not sure if I'm up to coding my own tool yet, but thanks for the reading material. I wonder if this would be a good exercise in Python or Ruby: calling tcpdump and tshark, processing their output, and restart. Sounds like a weekend project!
  2. Thanks for the reply, Jason. I'm trying to understand how I could do the same with a different tool, say tcpdump. As far as I understand, tcpdump will also capture the beacons when put in monitor mode with -I. Is there a way to basically count the "data packets" in monitor mode just like airodump-ng does?
  3. I was trying to explain the workings of Airodump-ng to someone when it occurred to me I don't fully understand what the "#Data"-column is trying to show. I always assumed these were "interesting" packets, i.e. packets generated by an actual user instead of say beacons (although the manual says it's the "number of captured data packets, including data broadcast packets"). I was wondering if anyone knew how Airodump-ng determines if it sees a data packet. I tried to google but couldn't find an answer. So is it perhaps one of these? All packets minus beacons? Only TCP (and maybe UDP) packets? All packets that have a source and destination?
  4. That second solution is actually not so bad... I could keep the fileserver steady and stable, and do my crazy coding and pentesting from a virtual machine. One other thing, would drive/partition/directory encryption do any good in this case?
  5. I wanted to turn an old computer into a fileserver (running Debian). I wanted to store all my data there, so that my regular PC will only have one HDD running the OS (Windows) and programs. So I created a samba share, and got it working neatly right away. But after installing some pentesting tools, it occurred to me that storing all my sensitive, private and personal data and running shady hacking/pentesting tools on one single box might not be a good idea. Now, my question is, how to keep my personal data as safe as possible on my little Linux fileserver? I have used a different user + usergroup for my samba shares, so my normal user account can't access the samba shares thanks to regular Linux file permissions. Is there anything more I can do?
  6. @Webhostbudd: can I create a tunnel for a port range, then? One group of servers uses the range 3000 to 4000 for instance, it would be a PITA to manually set up Putty or Plink for this. @Sparda: I think I was confusing a few concepts. I was thinking of how a SOCKS5 proxy works, like how Matt explained on show 416: http://www.mattlestock.com/2008/12/setup-an-ssh-socks-proxy/ @scrapheap: Some are using EditpadPro (more an advanced text editor, if you know it), and others use Netbeans (for PHP). Netbeans actually has SFTP support, but it's impossible to set up. This seems to be a known issue and I hope it'll be fixed soon. I must say the tool Tunnelier does what it says, and sets up an FTP-to-SFTP bridge without much effort. So far I'm loving this tool, but I feel bad I couldn't set up something more intelligent using proper tools like Plink or Putty.
  7. Thanks again everybody. I dug a little deeper and used the method suggested by Sparda, which indeed seems to work. I can log into the remote FTP server over localhost:21, and according to the logs the login process completes successfully. But then the problem scrapheap mentions arises: FTP needs another port for the actual data, and the remote server chooses a random port for this. I can't possibly know this port beforehand, so it looks like this isn't gonna work after all :( I came across a tool that might fix my problem, called Tunnelier: http://www.bitvise.com/ftp-bridge.html so I will be giving that a shot.
  8. Thanks for the replies, guys. I'm still not 100% confident this will keep my traffic secure 100% between point A ("ME" in the drawing, my Windows machine) and point B ("SERVER 2" in the drawing, the Linux server where the files need to go). I have this SSH tunnel thing in my head like this: I set up a tunnel between ME and SERVER 1. The traffic between this goes through an SSH tunnel, and all's well. But then SERVER 1 will have to send whatever I want to send to my original destination, SERVER 2. And that's good old FTP, with plain text passwords and all. Even if I set up a tunnel directly to SERVER 2, won't SERVER 2 still just blindly FTP my data to itself (over the internet) using the original non-local IP address?
  9. But won't that just create a secure tunnel from me to the server at the end of the tunnel, and from then on become plain FTP again? The server at the end of the tunnel will still need to go onto the internet to actually FTP my files to the destination host.
  10. Here's my situation: I have a Windows XP machine and I have to edit files on several remote Linux boxes. Due to my project's chosen IDE, I can't work directly on the remote machines using VIM or something similar. So, we use the IDE's built-in FTP which allows us to edit files on the remote servers. This is rather insecure, and the IDE doesn't support SFTP. How can I do this securely? I was thinking of building an SSH tunnel (as explained on episode 416), but the IDE also doesn't support using a proxy. Also, it would be a pain in the butt to switch between servers, which happens a lot during the day. What else can I try? The most ideal solution would be to somehow mount the remote Linux dir to something local in Windows, so I can simply use the IDE's explorer to edit a "local" file (similar to Dropbox, for instance). I'm using Putty, Plink and Total Commander on my Windows machine so far.
  11. Finally something to do in Europe again: http://www.hackerspace.net/ Any Hak5 viewers going there? I'm thinking about it!
  12. If you like anime, definitely check out Battle Programmer Shirase. It's a slightly weird anime about a freelance computer programmer who has to hack himself out of all kinds of adventures. Armed with special powers like "Double compile!" he outsmarts his black-hat hacker enemies. All episodes are quite short, like 15 minutes, so ideal for on your phone or netbook. Wikipedia page: http://en.wikipedia.org/wiki/Battle_Programmer_Shirase
  13. I never dared full disc encryption either, so I settled for encfs on my Eee 701 running Debian Lenny. It basically enables you to encrypt directories. It works really well for what I want to do, which is just keeping my personal data safe when I lose my laptop. I'm sure I'd leave some traces in temp files and whatnot, but at least I don't have my full email correspondence viewable for the whole world.
  14. Yeah, at the time of testing none of these devices (Xbox, Wii, etc.) were connected. So when the problems occurred, nothing but my PC and my router made up my home network. My router does ARP requests for the devices it has seen on the network in the past few months, to which only my PC responds. The problem occurs when all of a sudden my PC does an ARP request for this address 192.168.1.61, which is unused on my network. I guess that ARP request confuses my router and/or PC, and network activity stops (at least incoming packets). Is there a way to see which program on my PC initiates this ARP request?