Jump to content

Great tool


jrsmile
 Share

Recommended Posts

Hardware MITM with no possebility to catch the attacker is great, already did this with a fritzbox (common low cost router here in germany) sending the traffic filtered and compressed via tcp to my root server :-)

but the fon is live capturing and this is even more nicer. :-)

great peace of work

best regards,

J.

Link to comment
Share on other sites

I wouldn't say there is no possibility of getting caught but it is unlikely unless someone is looking for you.

We may have to do a show on how to detect it as a way to protect people from the beast we've released. Just like Chimera and Bellerophon from MI2.

Link to comment
Share on other sites

Now if only there was a way to add a sd card to the device and have it log packets there, then come back and retrieve the packets and reset the memory. Maybe when the fon2 comes out we can see this.

I would wait for the Fon2 with the USB. Using re-assigned GPIO for the SD card is slow. You're essentially doing "bit banging" while it's ok for general stuff like writing kismet logs I think the Fonera would have trouble keeping up.

Link to comment
Share on other sites

if you are just filtering the traffic you want and not a bunch of arp crap it wouldn't be to much gzipping it then pasting it to the net via dns tunnel... hmmm i love the world where with a bit it knowledge everything can be archived :)

Link to comment
Share on other sites

If you've got a permanent web connection you may as well just stream it all out and then capture it with tcpdump or wireshark on the other side.

I suppose capturing it and sending it out in packets would reduce the wifi noise as you could set it up to only connect periodically, maybe when it is running out of disk space.

Link to comment
Share on other sites

The only problem is where I put it. If i do not have wifi access there, external, then I cant stream it to a vpn. Saving logs to a physical media will allow me to dump them when im near by, via a held held, or to get them via ftp/scp. All in all this is really awesome. A network tap but transmitting the data wirelessly... Beyond words.

Link to comment
Share on other sites

If you've got a permanent web connection you may as well just stream it all out and then capture it with tcpdump or wireshark on the other side.

I suppose capturing it and sending it out in packets would reduce the wifi noise as you could set it up to only connect periodically, maybe when it is running out of disk space.

This is essentially what I did for my client when this device was requested. I just set up shfs and had tcpdump save the output at a remote location. My client wasn't too concerned with network egress monitoring, and he didn't want everything, just a specific protocol from a single target.

Link to comment
Share on other sites

The only problem is where I put it. If i do not have wifi access there, external, then I cant stream it to a vpn. Saving logs to a physical media will allow me to dump them when im near by, via a held held, or to get them via ftp/scp. All in all this is really awesome. A network tap but transmitting the data wirelessly... Beyond words.

It would be useful to collect a days worth of dumps then just drive past in the evening and collect it. That would virtually remove the wireless footprint that is one way this could be detected.

If you build this on the Fon2 you could stick a large USB flash disk in and just capture to that.

Link to comment
Share on other sites

Just combine it with an SSH tunnel over DNS and send the logs to your site. :)

Link to comment
Share on other sites

If you tunnel it over SSH through DNS wouldn't that be more secure and faster?

Certainly not faster as you are adding an extra layer of processing and not more secure as DNS isn't encrypted so all comms would go across in the clear. It would add obscurity but that isn't needed because the vpn already adds enough security.

P.S

Love you accent digininja.

Thanks

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...