Internet Census 2012

Abstract: While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage.

All data gathered during our research is released into the public domain for further study.

via Internet Census 2012.

Time To Set Up That Honeypot

Still not sure where to start? Take a look at the Active Defense Harbinger Distribution (ADHD) project, which is part of the Samurai family of Linux-based LiveCD distributions. ADHD provides a bootable ISO that contains the two previously mentioned tools and many others that are specifically focused on providing early warning detection of attacker activity. Some of those are more geared toward alerting, because, technically, no computers should be communicating with the honeypot so all traffic has the potential to be considered malicious.

via Tech Insight: Time To Set Up That Honeypot — Dark Reading.

Pinging the Whole Internet Reveals Unsecured Backdoors That Could Tempt Hackers and Cyber Criminals

Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Many of the two terabytes (2,000 gigabytes) worth of replies Moore received from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could let anyone take control of them.

via Pinging the Whole Internet Reveals Unsecured Backdoors That Could Tempt Hackers and Cyber Criminals | MIT Technology Review.

Using iptables and PHP to create a captive portal

There are various captive portal software packages available (both free and open source) that will allow you to set up an internet access facility that people have to log on to first. None of the packages I tried did what I wanted and they were not particularly customisable. Therefore I created my own, using a few iptables rules and PHP (along with a handful of other standard packages). This page details the steps that were taken. The key to this method as opposed to other iptables based solutions is that tracking information is removed after the user has signed up. Failure to do this will sometimes cause the user to still be redirected to your logon page even after they have signed up.

via Using iptables and PHP to create a captive portal – Andywiki.

Captive portals allow a splash screen to be delivered to a user upon entering an open network such as the free Wi-Fi hotspots at various establishments. This portal typically shows terms of service and displays some branding. The user hits OK and then they’re free to use the network. I find this burdensome but in the world of branding and advertising I can understand why places may want this. I found the above iptables-only solution with some PHP interesting. Here’s another site.

For Squid users it appears to be even easier, requiring only some configuration changes. See Portal Splash Pages for more information.
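The Andywiki approach above boils down to three things: redirect unauthenticated clients' port-80 traffic to the portal, open the firewall for a client once it has signed up, and then purge that client's connection-tracking entries so the old DNAT mapping stops bouncing it back to the logon page. The following skeleton is an added example written here, not the wiki's script or the PHP that would call it. The interface name, portal address, chain names and the DRY_RUN switch are all constructed assumptions; on a real router the grant/revoke functions would be invoked (as root) by the portal's sign-up handler.

```shell
#!/bin/sh
# Added example, not the Andywiki script: captive-portal iptables skeleton.
# Assumptions (constructed): LAN interface br0, portal web server on
# 192.168.1.1:80, chain names "portal"/"portal_fwd", and a DRY_RUN switch
# so the rules can be inspected without root or a real netfilter.

LAN_IF="${LAN_IF:-br0}"
PORTAL_IP="${PORTAL_IP:-192.168.1.1}"
DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build the chains: unauthenticated clients' HTTP is DNATed to the portal,
# and all other forwarding (except DNS) is dropped until the client is granted.
portal_setup() {
    run iptables -t nat -N portal
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j portal
    run iptables -t nat -A portal -d "$PORTAL_IP" -j RETURN          # portal itself is reachable
    run iptables -t nat -A portal -p tcp --dport 80 -j DNAT --to-destination "$PORTAL_IP:80"
    run iptables -N portal_fwd
    run iptables -A FORWARD -i "$LAN_IF" -j portal_fwd
    run iptables -A portal_fwd -p udp --dport 53 -j RETURN           # DNS must work pre-login
    run iptables -A portal_fwd -p tcp --dport 80 -j RETURN           # already redirected above
    run iptables -A portal_fwd -j DROP
}

# Grant a signed-up client: bypass the redirect and the drop, then delete its
# conntrack entries so in-flight DNAT state cannot keep sending it to the portal.
# This conntrack flush is the step the wiki identifies as the key difference.
portal_grant() {
    ip="$1"
    [ -n "$ip" ] || return 2
    run iptables -t nat -I portal 1 -s "$ip" -j RETURN
    run iptables -I portal_fwd 1 -s "$ip" -j ACCEPT
    run conntrack -D -s "$ip"
}

# Revoke a client (logout or lease expiry): remove its rules and flush state again.
portal_revoke() {
    ip="$1"
    [ -n "$ip" ] || return 2
    run iptables -t nat -D portal -s "$ip" -j RETURN
    run iptables -D portal_fwd -s "$ip" -j ACCEPT
    run conntrack -D -s "$ip"
}

# Usage: sh portal.sh setup | grant <ip> | revoke <ip>   (DRY_RUN=1 to preview)
case "${1:-}" in
    setup)  portal_setup ;;
    grant)  portal_grant "$2" ;;
    revoke) portal_revoke "$2" ;;
esac
```

Granting by source IP alone is exactly as weak as it sounds: anyone who can spoof or reuse a granted address on the LAN inherits the session, which is why real deployments pair this with MAC matching or a session timeout. Run with `DRY_RUN=1 sh portal.sh grant 192.0.2.10` to see the three commands that would be issued, including the `conntrack -D` flush.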

Don’t Use Linksys Routers

Today I am publishing 5 Linksys router vulnerabilities so that consumers may be aware of the risks.
linksys vulns.txt

via Don’t Use Linksys Routers « Superevr.

I run a WRT54GL on my network but installed Tomato on it because I never liked the Linksys GUI and wanted to try out Tomato. Here’s his take on the WRT54GL:

1. Linksys WRT54GL Firmware Upload CSRF Vulnerability
I demonstrate Cross-Site File Upload in my BlackHat and AppSec USA talks. If you need more info on the vector itself, check out How to upload arbitrary file contents cross-domain by Kotowicz.

I suspect these kinds of exploits exist in all consumer grade routers.

OpenDaylight SDN Group Breaks Cover

The OpenDaylight members plan to work on a standardized SDN controller and develop OpenDaylight APIs that sit between the controller platform and the network applications and user interfaces. The common, open source platforms will be developed using technology contributed by member companies and utilizing existing industry standards such as OpenFlow.

via Light Reading – OpenDaylight SDN Group Breaks Cover.

Closing the gap to improve the capacity of existing fiber optic networks

The research team, which included Professor Arthur Lowery and Dr Liang Du of the Monash Department of Electrical and Computer Systems Engineering and Jochen Schroeder, Joel Carpenter and Ben Eggleton from the University of Sydney, managed to transmit a signal of 10 terabits per second (Tb/s) more than 850 km (528 miles) using the new technology.

via Closing the gap to improve the capacity of existing fiber optic networks.

Sslstrip Tutorial

Description: SSLstrip was released by Moxie to demonstrate the vulnerabilities he spoke about at Blackhat 2009. In this video we will look at how to get started with SSLstrip. We set up 2 VMware machines, one running Windows XP (victim) and the other Backtrack 3 (Attacker). Before we actually begin hacking using SSLstrip, we need to set up the entire Man in the Middle Mechanism and packet redirection / forwarding mechanism. We do this by using the following commands in sequence:

via Sslstrip Tutorial.

This tool assumes a man-in-the-middle setup in which HTTP traffic (port 80) is redirected to a port that sslstrip listens on on the attacker’s machine (port 10000 in this video). Sslstrip then intercepts HTTPS traffic and returns plain HTTP traffic to the victim. The victim, thinking the traffic is encrypted, is transmitting in plain text while sslstrip manages the SSL session with the victim’s destination (e.g. the bank). Since the victim’s side of the attack uses HTTP, the victim never has to validate an SSL certificate, so it is transparent. Detecting this attack is simple because the browser shows http instead of https in the displayed URL, so an alert victim should notice. But not everyone will.
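The detection point above (the victim's browser, and therefore the wire, carries plain http to a site that should only ever be https) can be checked on the network side rather than relying on the user. The script below is an added example, not part of the original post or of the sslstrip tool: it reads constructed proxy-style log lines of the form `<client> <method> <url>` and flags any plaintext request to a host on a constructed HTTPS-only list. The log format, the host list and the function names are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the post or from sslstrip): flag plaintext HTTP
# requests to hosts that must only be reached over HTTPS, which is the wire
# symptom of an sslstrip-style downgrade. Host list and log format are constructed.

# Hosts this network expects to see only over HTTPS (constructed list).
HTTPS_ONLY_HOSTS="bank.example login.example.net"

# Constructed proxy-style log lines: "<client> <method> <url>".
SAMPLE_LOG='10.0.0.5 GET https://bank.example/login
10.0.0.5 POST http://bank.example/login
10.0.0.7 GET http://news.example/index.html
10.0.0.9 GET http://login.example.net/auth?next=/'

# Extract the host from scheme://host[:port]/path, dropping port and path.
url_host() {
    printf '%s\n' "$1" | sed -e 's#^[a-zA-Z]*://##' -e 's#[/:].*$##'
}

# Return 0 when the host is on the HTTPS-only list, 1 otherwise.
is_https_only() {
    for h in $HTTPS_ONLY_HOSTS; do
        [ "$h" = "$1" ] && return 0
    done
    return 1
}

# Read log lines on stdin; print one DOWNGRADE line per plaintext request to an
# HTTPS-only host. Returns 0 if anything was flagged, 1 if the log is clean.
find_downgrades() {
    found=1
    while read -r client method url; do
        case "$url" in
            http://*) ;;          # only plaintext requests are of interest
            *) continue ;;
        esac
        host=$(url_host "$url")
        if is_https_only "$host"; then
            printf 'DOWNGRADE %s %s %s\n' "$client" "$method" "$url"
            found=0
        fi
    done
    return $found
}

# Usage: run the sample through the detector (a real deployment would tail the proxy log).
printf '%s\n' "$SAMPLE_LOG" | find_downgrades
```

On the constructed sample this flags the POST to bank.example and the GET to login.example.net, both from clients whose browsers were talking plain http to a site that is only served over https. The complementary mitigation on the server side is HTTP Strict Transport Security: once a browser has seen the Strict-Transport-Security header for a host it refuses to load it over plain http at all, which removes the window this attack depends on.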