jrsmile, posted March 18, 2009

Hardware MITM with no possibility to catch the attacker is great. Already did this with a Fritzbox (common low-cost router here in Germany), sending the traffic filtered and compressed via TCP to my root server :-) but the Fon is live capturing and this is even nicer. :-) Great piece of work.

Best regards, J.

digininja, posted March 18, 2009

I wouldn't say there is no possibility of getting caught but it is unlikely unless someone is looking for you. We may have to do a show on how to detect it as a way to protect people from the beast we've released. Just like Chimera and Bellerophon from MI2.

DingleBerries, posted March 19, 2009

Now if only there was a way to add an SD card to the device and have it log packets there, then come back and retrieve the packets and reset the memory. Maybe when the Fon2 comes out we can see this.

beakmyn, posted March 19, 2009

> Now if only there was a way to add an SD card to the device and have it log packets there, then come back and retrieve the packets and reset the memory. Maybe when the Fon2 comes out we can see this.

I would wait for the Fon2 with the USB. Using re-assigned GPIO for the SD card is slow. You're essentially doing "bit banging"; while it's OK for general stuff like writing kismet logs, I think the Fonera would have trouble keeping up.

jrsmile (Author), posted March 19, 2009

If you are just filtering the traffic you want and not a bunch of ARP crap, it wouldn't be too much gzipping it then pasting it to the net via DNS tunnel... Hmmm, I love the world where with a bit of IT knowledge everything can be archived :)

digininja, posted March 19, 2009

If you've got a permanent web connection you may as well just stream it all out and then capture it with tcpdump or wireshark on the other side. I suppose capturing it and sending it out in packets would reduce the wifi noise as you could set it up to only connect periodically, maybe when it is running out of disk space.

DingleBerries, posted March 20, 2009

The only problem is where I put it. If I do not have wifi access there, external, then I can't stream it to a VPN. Saving logs to a physical media will allow me to dump them when I'm nearby, via a handheld, or to get them via ftp/scp. All in all this is really awesome. A network tap but transmitting the data wirelessly... Beyond words.

aeturnus, posted March 20, 2009

> If you've got a permanent web connection you may as well just stream it all out and then capture it with tcpdump or wireshark on the other side. I suppose capturing it and sending it out in packets would reduce the wifi noise as you could set it up to only connect periodically, maybe when it is running out of disk space.

This is essentially what I did for my client when this device was requested. I just set up shfs and had tcpdump save the output at a remote location. My client wasn't too concerned with network egress monitoring, and he didn't want everything, just a specific protocol from a single target.

digininja, posted March 20, 2009

> The only problem is where I put it. If I do not have wifi access there, external, then I can't stream it to a VPN. Saving logs to a physical media will allow me to dump them when I'm nearby, via a handheld, or to get them via ftp/scp. All in all this is really awesome. A network tap but transmitting the data wirelessly... Beyond words.

It would be useful to collect a day's worth of dumps then just drive past in the evening and collect it. That would virtually remove the wireless footprint that is one way this could be detected. If you build this on the Fon2 you could stick a large USB flash disk in and just capture to that.

digip, posted March 20, 2009

Just combine it with an SSH tunnel over DNS and send the logs to your site. :)

digininja, posted March 20, 2009

You don't need to, you already have unrestricted access to your machine through the VPN or through the wireless.

Zimmer, posted March 21, 2009

If you tunnel it over SSH through DNS wouldn't that be more secure and faster?

P.S. Love your accent digininja.

digininja, posted March 22, 2009

> If you tunnel it over SSH through DNS wouldn't that be more secure and faster?

Certainly not faster, as you are adding an extra layer of processing, and not more secure, as DNS isn't encrypted so all comms would go across in the clear. It would add obscurity but that isn't needed because the VPN already adds enough security.

> P.S. Love your accent digininja.

Thanks

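Added example, not part of the thread or written by any poster: the detection side of the DNS-tunnel discussion above, as an egress-monitoring check over resolver logs. It flags a client that sends many long, random-looking names under one parent domain; the `(client, name)` log shape, the thresholds and the "last two labels" parent rule are assumptions, and all sample data is constructed.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname, keep=2):
    """Return (subdomain part, parent). Assumption: parent = last `keep` labels
    (a production check would use the public suffix list instead)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-keep]), ".".join(labels[-keep:])

def suspicious_dns_clients(queries, min_unique=5, min_len=24, min_entropy=3.5):
    """Flag (client, parent) pairs with many long, high-entropy subdomains."""
    seen = defaultdict(set)
    for client, qname in queries:
        sub, parent = split_name(qname)
        if sub:
            seen[(client, parent)].add(sub)
    findings = []
    for (client, parent), subs in sorted(seen.items()):
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(shannon_entropy, subs)) / len(subs)
        # All three must hold: volume alone (busy intranet) or one odd
        # name alone (CDN hash) is not enough to raise a finding.
        if len(subs) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            findings.append({"client": client, "domain": parent,
                             "unique_names": len(subs),
                             "mean_len": round(mean_len, 1),
                             "mean_entropy": round(mean_ent, 2)})
    return findings

def _constructed_label(i):
    # Constructed stand-in for encoded payload: 20 hash bytes -> 32 base32 chars.
    return base64.b32encode(hashlib.sha256(str(i).encode()).digest()[:20]).decode().lower()

# Constructed resolver log: (client IP, queried name). Not real traffic.
SAMPLE_QUERIES = (
    [("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com")]
    + [("10.0.0.5", f"host{i}.corp.example") for i in range(10)]
    + [("10.0.0.66", f"{_constructed_label(i)}.t.tunnel-demo.example") for i in range(8)]
)

if __name__ == "__main__":
    for finding in suspicious_dns_clients(SAMPLE_QUERIES):
        print(finding)
```

The busy but benign `corp.example` client is not flagged because its names are short; only the client with long encoded labels is reported.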