Cybex

Everything posted by Cybex

  1. Would putting a small battery inside be an option to allow for coding a trigger condition to kick off a wiping routine to eliminate the target from analyzing the LAN Turtle for actionable intelligence? Or perhaps a way to implement ECC at rest so the scripts cannot be read and the actions taken not be discovered. I don't like to give the target all the answers, they need to work harder... :-) Just random thoughts, criticism welcomed.

     Thanks, Cybex
  2. Got it... I needed to create a transparent bridge.

         # install the bridge tools and the capture tool
         apt-get install bridge-utils
         apt-get install tcpdump
         # create the bridge and add both NICs; no IP address is assigned
         brctl addbr br01
         brctl addif br01 eth0
         brctl addif br01 eth1
         ifconfig br01 up
         brctl show
         # capture everything crossing the bridge
         tcpdump -i br01 -w dumpfile.pcap

     Thanks for the input but both suggestions missed this point about not wanting the solution to have an IP address. Both recommendations are firewall/router solutions and both are visible on the network.

     Thanks, Cy
  3. I was wondering if anyone knows how to build and configure a Linux system to sit inline on a SOHO network, to allow for PCAP archiving and security monitoring (IDS, AV, etc.). I have an extra PC lying around (3GB RAM, 1TB Hard Drive, 4 GigE NICs) and I would like to place it behind my FIOS router to dump the traffic and perform security analysis activities against it.

     I would prefer the system be invisible on the network (no IP address) and do it without the system being set up as the network gateway. I want to use the PC, no span ports/port mirrors and no network taps, hubs, etc.

     I found the following on The Shmoo Group, but there was no other information and I am trying to accomplish it with Linux, not BSD.

     "FreeBSD can do very simple bridging without even assigning an IP to the interfaces you are bridging. Of course you'll have to run a sniffer like snort to make the sensor element complete. If you are using 3 interfaces (2 for the bridging and actual sniffing and 1 for sensor data output) you'd of course had to assign an IP to the 3rd interface (which would sit wisely on a separate IDS network). And with all the wonderful stealth IP kernel options it will be no trouble hiding the box."

     Thanks, Cy
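
Added example, not part of Cybex's posts: a check for the requirement in post 2 that the capture bridge carry no IP address. It parses the text of "ip -o addr show" and reports any address bound to br01, eth0 or eth1; the sample output, the fe80:: address and the eth2 management interface are constructed for illustration.

```shell
#!/bin/sh
# Audit a capture bridge for addresses that would make it visible on the LAN.
# An interface that is up with IPv6 enabled normally receives an fe80::
# link-local address automatically, even when no IPv4 address was configured.

# audit_addrs IFACES: read `ip -o addr show` text on stdin and print one
# "iface family address" line for every address bound to a listed interface.
# Exit status 0 means none of the listed interfaces has an address.
audit_addrs() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        ($3 == "inet" || $3 == "inet6") && ($2 in watch) {
            print $2, $3, $4; found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample output (not captured from a real host). br01 comes from
# the post; eth2 is a hypothetical management NIC kept outside the bridge.
SAMPLE_BEFORE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: eth2    inet 10.10.10.5/24 brd 10.10.10.255 scope global eth2\       valid_lft forever preferred_lft forever
5: br01    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever'

# Same host after IPv6 is disabled on the bridge, for example with
#   sysctl -w net.ipv6.conf.br01.disable_ipv6=1
SAMPLE_AFTER='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: eth2    inet 10.10.10.5/24 brd 10.10.10.255 scope global eth2\       valid_lft forever preferred_lft forever'

# report LABEL TEXT: print a one-line verdict for the bridge and its ports.
report() {
    if found=$(printf '%s\n' "$2" | audit_addrs "br01 eth0 eth1"); then
        echo "$1: bridge path has no addresses"
    else
        echo "$1: visible -> $found"
    fi
}

report before "$SAMPLE_BEFORE"
report after "$SAMPLE_AFTER"
```

On a live system, pipe the real command into the function instead of the samples: ip -o addr show | audit_addrs "br01 eth0 eth1".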