Asimov Asks "How People Get New Ideas"

Could you share with the group your secret to how you attained perfection? ...Jim Thompson

--
| James E.Thompson                                 |    mens     | 
| Analog Innovations                               |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| San Tan Valley, AZ 85142     Skype: skypeanalog  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.
Reply to
Jim Thompson

Paper bag. Hammer.

--

John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  

jlarkin att highlandtechnology dott com 
http://www.highlandtechnology.com
Reply to
John Larkin

You don't know enough to realise how often you are dead wrong

No. You do it because they haven't expressed enough admiration for your brilliant insights and encyclopedic knowledge.

--
Bill Sloman, Sydney
Reply to
Bill Sloman

Yep.

Note the prices.

However, there's a problem. The device has to be attached between the network and the main servers, or between the network and the main router to the internet, or it can't do passive sniffing. Ethernet switches only pass packets that have the MAC address of the destination device in the header. It's not like a hub (repeater) which spews everything it hears to everyone else. With the switched network, the best you can do is capture broadcast packets, and build a map of the network for later abuse. However, it can do active penetration and run scripted exploits, which can be detected.

I've never played with the commercial pwn plug device, but have done my share of penetration testing using Backtrack, Kali, and Metasploit as well as sniffing packets with Wireshark. Incidentally, wireless sniffing has its own unique headache. It's difficult to find a location where one can hear both ends of a wireless connection. You need to capture both sides of an exchange to do anything useful.

Ok, no more fun. Back to work...

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558
Reply to
Jeff Liebermann

Sometimes we use that but it's not really suitable for conferencing.

Not all airliners have anything to plug into. Many of my flights were with older generation 747.

Same here. My car is over 17 years old and hasn't yet reached 80k miles.

[...]

Or just buy used, flea market, yard sale, thrift store. Like the $3 breadmaker we use to knead the dough for bread or pizza. It is from the pre-uC days.

Key is not to spend too much on such gear. I found that with consumer merchandise you do not always get what you pay for. Like the rear tire on my mountain bike. A $50 tire was gone in 500mi. The new one from Thailand cost me around $17 and it shows about 30% wear at 200mi.

That's the ticket, replacement parts. You can only buy the electronics at the company store, hence ...

I like stainless. Our Thermador range is like that, >40 years old and looks great. The Thermador double oven is falling apart so we ordered a stainless one from Kenmore to match the range. They only had black or stainless.

[...]
--
Regards, Joerg 

http://www.analogconsultants.com/
Reply to
Joerg

Nice. His accent sounds Dutch.

--
Regards, Joerg 

http://www.analogconsultants.com/
Reply to
Joerg

I have worked at an establishment where WiFi access was freely available within the site (the access code was openly published on the Intranet and a white-board near the refectory), so that you could hook up your own BYOD. Admittedly the place was populated by physicists and engineers involved in a rather large science experiment. There was a very decent firewall between the WiFi and anything important and if you needed a tunnel for anything specific you had to make special requests for that (permission only granted after they had ensured your Virus Protection measures were adequately up to date).

--
******************************************************************** 
Paul E. Bennett IEng MIET..... 
Forth based HIDECS Consultancy............. 
Mob: +44 (0)7811-639972 
Tel: +44 (0)1235-510979 
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk.. 
********************************************************************
Reply to
Paul E Bennett

You've missed the point. It isn't designed to sniff packets!

Rather, it is designed to allow an outside attacker to get through the firewall -- by initiating an OUTBOUND connection (to an outside server that you control or have access to). From there, the outside adversary picks up the connection and now has a neat hole through the firewall -- the plug acts as your "inside proxy".

Most firewalls are permissive about outbound connections (because they have no idea which web sites, etc. their employees may want to visit:

formatting link
sounds as good as any other!

The fact that the device sitting at hack_me_please.com chooses to pass commands to the plug for *it* to execute for the outsider's benefit isn't noticed by the firewall. Instead, you need active penetration detection *inside* the firewall.

Reply to
Don Y

Finding spare parts gets to be an issue. Folks are always looking at my roof panels longingly (make sure to keep them firmly locked down!)

This is *most* annoying! I hate shopping as it is. Having to chase second-hand shops in the hope of finding a particular item is very frustrating!

I have been looking for a spare baking dish for my cheesecake Rx. Newer versions have too shallow a draft angle on the sides. The only place I'll come across one will be a thrift store, etc.

But, you could visit EVERY thrift shop in town (and there are DOZENS of them, here!) and not find it in any of them. But, that tells you nothing about what next week's results are likely to be!

Yup. I prefer fixing discards. It's a bit of a distraction, makes me feel good that I kept something out of the landfill *and* fills a need.

The door latch mechanism for our washer is actually made by a third party and sourced to multiple different washing machine vendors. So, I can cut the manufacturer out of the loop.

Doesn't make the replacement part any *better* (more reliable), though!

we didn't like it at all. Shows fingerprints too easily -- almost as bad as gloss black! So, we'll wait until styles change and see if the next "fad" is more to our liking...

Reply to
Don Y

Oops, you're right. I really should play with one of those to see how it works and what can be done with it.

Yep, that will work. However, the pwn plug will need a MAC address and IP address either from the LAN DHCP server, or something statically assigned and forged. Either way, it can be detected on the network by arpwatch, an IDS (intrusion detection system), or something similar: I have arpwatch running on most of my networks. When someone gets a new device (iPhone, iPad, Android, etc), I'm the first to know. The pwn plug can possibly remain undetected by cloning the MAC-IP address pair of a valid machine, which needs to be turned off, and hope that nobody asks why someone is working overtime at 2AM in the morning.

More:

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558
Reply to
Jeff Liebermann
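As an added illustration of the detection Jeff describes (not code from the thread or from arpwatch itself), here is a small arpwatch-style monitor over constructed ARP observations. It reports a new station, a forged MAC/IP pairing, and, for the cloned-pair case that pairing checks cannot see, a station active outside the hours it is normally seen; the MACs, addresses and timestamps are all constructed.

```python
# Added example, not from the thread: arpwatch-style MAC/IP tracking plus an
# activity-hours baseline (the latter is my own addition, not an arpwatch
# feature). All observations below are constructed sample data.
from collections import defaultdict
from datetime import datetime


class ArpMonitor:
    def __init__(self):
        self.ip_to_mac = {}            # ip -> MAC last seen claiming it
        self.known_macs = set()        # every MAC seen so far
        self.hours = defaultdict(set)  # mac -> hours of day seen in baseline

    def learn(self, ts, mac, ip):
        """Baseline phase: record pairings and when each MAC is active."""
        self.known_macs.add(mac)
        self.ip_to_mac[ip] = mac
        self.hours[mac].add(datetime.fromisoformat(ts).hour)

    def observe(self, ts, mac, ip):
        """Monitoring phase: return alert strings for one ARP reply."""
        alerts = []
        hour = datetime.fromisoformat(ts).hour
        if mac not in self.known_macs:
            alerts.append(f"new station {mac} at {ip}")
        elif self.ip_to_mac.get(ip) not in (None, mac):
            alerts.append(f"changed ethernet address for {ip}: "
                          f"{self.ip_to_mac[ip]} -> {mac}")
        elif self.hours[mac] and hour not in self.hours[mac]:
            alerts.append(f"off-hours activity from {mac} at {hour:02d}:00")
        # update state so later alerts are relative to what was just seen
        self.known_macs.add(mac)
        self.ip_to_mac[ip] = mac
        return alerts


BASELINE = [  # constructed: two workstations seen during business hours
    ("2015-03-02T09:05:00", "00:11:22:33:44:55", "10.0.0.21"),
    ("2015-03-02T13:30:00", "00:11:22:33:44:55", "10.0.0.21"),
    ("2015-03-02T09:10:00", "66:77:88:99:aa:bb", "10.0.0.22"),
    ("2015-03-02T17:45:00", "66:77:88:99:aa:bb", "10.0.0.22"),
]
EVENTS = [  # constructed: the same unknown device showing up three ways
    ("2015-03-03T10:00:00", "de:ad:be:ef:00:01", "10.0.0.77"),  # new MAC, DHCP lease
    ("2015-03-03T10:01:00", "de:ad:be:ef:00:01", "10.0.0.22"),  # forged: claims .22
    ("2015-03-04T02:00:00", "00:11:22:33:44:55", "10.0.0.21"),  # exact clone, at 2 AM
]


def run(baseline, events):
    mon = ArpMonitor()
    for ts, mac, ip in baseline:
        mon.learn(ts, mac, ip)
    return [alert for ev in events for alert in mon.observe(*ev)]
```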

This guy explains it:

formatting link

--
Reinhardt
Reply to
rbehm

Whatever you can do sitting at someone's desk at *their* computer.

There are lots of different ways to do this. E.g., you could put a second NIC in the plug and connect a legitimate host to *that*; then, connect the plug to the host's "normal" network drop.

[E.g., one of the plug's forms is disguised as an outlet strip... you'd think nothing of running your network connection through the "surge protector" available on that strip! :> I.e., someone seeing the cables in and out would just think that was the role that the outlet strip/surge protector counterfeit was playing!]

Now, on detecting the NIC to the workstation coming up, the plug brings up the interface to the local server/network. It copies the MAC from the local workstation and uses that to present to the company server. The IP address made available in the DHCP is assumed by the plug -- *and* passed along to the workstation.

There's no duplication of IP's or MACs, here -- each internet (the normal "corporate internet/intranet" and the workstation/plug internet) sees only one of each MAC and IP! No way to detect that there are two devices consuming the same IP/MAC.

No, see above. There are really a *lot* of ways to defeat first-order defenses.

The only way to detect the scenario that I've illustrated is to look at the node's *behavior* and compare it to what you *expect* from that node. E.g., statistical profiling, etc. "Why is this node chattering so much? Why is this node trying to contact the payroll server when it shouldn't be? etc."

Here, I defend against internal attacks by explicitly enabling particular connections between nodes (the outside world being one of them) *and* encrypting traffic. So, the node that handles the FM radio tuner can pass a particular type of traffic on a particular set of ports to the node that handles audio distribution. That node can, in turn, pass another particular type of traffic on particular ports to the nodes that represent my speakers, etc. Nodes are fixed ports on the network switch -- which is physically secured.

So, worst case, someone clips the network cable to a speaker on the back porch (i.e., he hasn't broken into my house, yet!), all he can do is whatever that speaker could do! If he tries to connect to the security system, the traffic will simply be dropped (and, my packet filter FOR THAT NODE will notice this and flag it as hostile -- no reason for a speaker to be talking to the security system... or, google.com... or...). So, the packet filter can decide to simply block ALL traffic, thereafter

["Hey, Don, the speaker on the north end of the porch must be broken. It's been spewing all sorts of unexpected data. Rather than let it keep operating in that BROKEN state, I've blocked all traffic to and from it and informed the nodes that normally would expect to converse with it that it is now, effectively, off-line. Take a look at it, OK?"]

This leaves a few other attack modes:

- attack the *speaker* by trying to masquerade as "the house"/"the audio system"

- wage a MiM attack

- a physical attack (outward facing or inward facing)

Attacking the speaker is ineffective because you can't forge the encrypted traffic that the speaker expects. When it tries to negotiate a set of keys with you, you can't provide an effective/consistent key set. So, it sees no (valid) incoming traffic.

A MiM attack fails for much the same reason. All you see is encrypted traffic. You can't *alter* the content because the content sits behind armor. You can delay it or corrupt it. But, then the speaker (or audio system) will see you as misbehaving and shed you as a source (or load).

An outward facing physical attack (i.e., attack the speaker) can damage or destroy the speaker (e.g., put high voltage on the network pairs and cook the interface in the speaker). You've already got physical access to the speaker so I have to assume you can *steal* it! Toasting it is no worse -- I'd have to replace it, regardless.

An inward facing attack (e.g., trying to fry the network switch that sits at the other end of those network pairs that you have in your hands) toasts the single port in the switch -- and nothing more. The design of my switch is such that each port sits behind a "one port firewall" (which does all of this encryption and dynamic filtering that I mentioned). Toast that and I replace it with a new one. Do it several times and I decide that I really don't need speakers on the back porch :> Or, should get a bigger dog!

What you need to defend against a plug is to adopt the same sorts of mechanisms -- e.g., so all the traffic through the plug is encrypted and the plug has no effective way, as MiM, of understanding the key protocol and intercepting the keys. That probably means some level of obfuscation as anyone with access to the office/cubicle can probably arrange access to the workstation or hard disk within. So, you shift more of the security measures onto the actual *users* (requiring them to log in to their *machine* BIOS before the machine WINDOWS can log onto the network -- so the contents of the hard disk are not subject to inspection even if you remove the drive from the machine or boot off a "live CD", etc.)

You may be able to get some folks in highly trusted positions to do this... but, in a large corporation...? If so, plug attacker moves on to the business in the next office down the block!

Reply to
Don Y
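As an added example (not code from the thread), the per-node flow policy Don describes, run over constructed flow records: each node may only initiate the peer/port pairs listed for it; anything else is dropped, the node is quarantined so that all later traffic to and from it is blocked, and the nodes that normally converse with it are listed for notification. The same check is what Don's earlier post asks for *inside* the corporate firewall: a workstation's unexpected outbound flow (a plug phoning home) is caught by the node's own allowlist even though the perimeter firewall permits it. Node names, ports and the 203.0.113.10 address are constructed.

```python
# Added example, not from the thread: an explicit per-node allowlist of the
# kind Don describes, with quarantine on first violation. All node names,
# ports and addresses are constructed sample values.

POLICY = {
    # node: set of (peer, dst_port) flows it is allowed to initiate
    "fm_tuner":      {("audio_dist", 5004)},
    "audio_dist":    {("porch_speaker", 5004), ("kitchen_speaker", 5004)},
    "porch_speaker": {("audio_dist", 5005)},   # e.g. status back to audio node
    "workstation":   {("file_server", 445), ("web_proxy", 3128)},
}


class NodeFilter:
    def __init__(self, policy):
        self.policy = policy
        self.quarantined = set()
        self.incidents = []

    def peers_of(self, node):
        """Nodes that normally converse with `node`, in either direction."""
        peers = {p for p, _ in self.policy.get(node, ())}
        peers |= {n for n, rules in self.policy.items()
                  if any(p == node for p, _ in rules)}
        return peers

    def check(self, src, dst, port):
        """'allow', 'drop' (violation; src now quarantined) or 'blocked'
        (src or dst already quarantined, whatever the destination)."""
        if src in self.quarantined or dst in self.quarantined:
            return "blocked"
        if (dst, port) in self.policy.get(src, set()):
            return "allow"
        self.quarantined.add(src)
        self.incidents.append(
            f"{src}: unexpected flow to {dst}:{port}; quarantined, "
            f"notify {sorted(self.peers_of(src))}")
        return "drop"


FLOWS = [  # constructed flow records: (src, dst, dst_port)
    ("fm_tuner", "audio_dist", 5004),          # allowed by policy
    ("audio_dist", "porch_speaker", 5004),     # allowed by policy
    ("porch_speaker", "security_system", 22),  # violation: speaker quarantined
    ("audio_dist", "porch_speaker", 5004),     # normally fine, now blocked
    ("workstation", "file_server", 445),       # allowed by policy
    ("workstation", "203.0.113.10", 443),      # outbound to unknown host: dropped
]


def run(policy, flows):
    f = NodeFilter(policy)
    decisions = [f.check(*flow) for flow in flows]
    return decisions, f.incidents
```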

That is why it is important to buy a car where the manufacturer has a serious multi-platform modular mentality. Japanese ones excel in this regard. Sometimes the same part fits on a new passenger car and on a 20 year old truck. Unfortunately that also makes these vehicles prime theft targets even if they are older. Where you'll never see it again because it goes straight into a chop shop.

It's not so bad. For example, when we buy at the local thrift store the whole profit is used for hospice care.

No, but what's the alternative if Wallyworld and others don't carry it? Not baking cheese cake anymore? Can't do that, I love cheese cake.

I could not find a sturdy 29" full suspension bike that withstands my level of riding :-)

Did look on Craigslist for a while but ... nothing.

This is where having a friend with a machine shop in the garage helps. You fix his electronics, he makes you a part from real metal.

Well, the alternative to this model oven is ... gloss black. We don't have much choice. Ideally we'd like a model where the upper oven is either a microwave or a combine microwave plus oven. But if you need a 24" wide model it's slime pickens. Unless you are willing to pay through the nose which we aren't. IMHO it has to remain under $2k installed.
--
Regards, Joerg 

http://www.analogconsultants.com/
Reply to
Joerg

It's one of those Youtube videos that won't run out here :-(

--
Regards, Joerg 

http://www.analogconsultants.com/
Reply to
Joerg

I'm not concerned about where the proceeds from the sale go. Rather, I'm concerned about the amount of time I spend *hoping* to encounter what I need.

There are lots of places that sell baking kit. We're not trying to "bottom feed". It's just not manufactured in this style anymore.

I found a larger baking dish that is "adequate". But, means the cakes are 50% larger and more effort to make (for this recipe, time/effort is essentially proportionate to volume)

Which reminds me to tell SWMBO she still has a couple pieces in the big freezer...

I have friends who own (outright, not "me and the bank") wire EDM machines, etc. Lots of friends. Being very willing to do favors for others leaves them very willing to return the favors -- esp when I ask so seldom! :>

Yup. In our case, it was stainless, black or white. We opted to wait as appliance color schemes, styles tend to change pretty regularly.

Reply to
Don Y
[...]

On our 40+ year old Thermador dual-oven stuff began falling apart and they would not carry spare parts anymore. The last straw was a broken pulley rope to hold the upper door. It is now so heavy to lift that my wife has a hard time with it. That made us decide it's time.

[...]
--
Regards, Joerg 

http://www.analogconsultants.com/
Reply to
Joerg

I'm pretty resourceful when it comes to keeping things working. And, have lots of "resources" (e.g., friends) that I can draw on for "one-offs" that I can't find, otherwise.

Other things I tackle with redundancy -- e.g., SWMBO has one of those "mini stereos" that she enjoys (radio, CD's, etc.). So, picked up a second one of them for her to use in her studio. If one dies, I move the remaining unit to the spot she "wants it most" while I repair the broken unit.

(E.g., the CD changer fails every 6 months -- on EACH machine! So, I pull whichever one is dead and swap the working unit into its place while I fix the dead unit. Then, put the dead unit where the working unit *was*. This implicitly alternates among which unit will die, next -- as the "most important location" always gets the machine that hasn't YET failed... but, it *will* when it gets moved into that location!)

Reply to
Don Y

--
Interesting point of view, but one which neatly sidesteps the issue of owning up to your less egregious errors by relegating them to the "they don't matter" set.

A faulty viewpoint, however, since the devil's in the details and if your continuing admonition that not checking one's work is an error in its own sake is true.

Your banter is often peppered with feigned disdain for those to whom you've taken a dislike, so while the name-calling - in those instances - may not be overt, the disrespect comes through loud and clear.

In other instances when you've clearly made an error, have been asked to justify your position technically, and you know that you can't, instead of merely acquiescing and admitting your error, you take the offense by likening your critics to barnyard animals - or to the deranged - in an effort to shift the focus of the discussion away from yourself and onto your critic(s).
Reply to
John Fields

Paper bag. Hammer. That's what happened.

--

John Larkin         Highland Technology, Inc 
picosecond timing   laser drivers and controllers 

jlarkin att highlandtechnology dott com 
http://www.highlandtechnology.com
Reply to
John Larkin

--
Well, DUH!!!, but it skirts the question. 

No matter, here's the "BEFORE" complementing your "AFTER". 

https://www.dropbox.com/s/sfqqspj6ypcngyw/Coffee%20Mug.JPG?dl=0 

John Fields
Reply to
John Fields
