Concise Courses Raspberry Pi

  • 893 views
Uploaded on

DJ Palombo's talk on how to use Raspberry Pi in order to attack a network from within.

DJ Palombo's talk on how to use Raspberry Pi in order to attack a network from within.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
893
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
15
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Concise Courses How Raspberry Pi Can Change How People Attack NetworksDJ Palombo Raspberry Pi is a trademark of the Raspberry Pi Foundation
  • 2. Who Am I?•In my junior year in Computer and DigitalForensics at Champlain College, Burlington VT•20 Years Old•Currently studying in Dublin, Ireland
  • 3. What is Raspberry Pi?• $35 Computer the size of a credit card• Uses GNU/Linux Operating Systems• Model B has 512 MB RAM, 2 USB ports, Ethernet, video out, and HDMI• Operating System loaded on SD cards• Storage is based on the SD card size
  • 4. What this is NOT• Be all, end all network attack• Proposal of better-than-sliced-bread attacks What this is• Another viable threat that should be assessed• A warning to security professionals
  • 5. What is the theory behind it?• Cheap, inexpensive computer – My terminology for it: “Burner Computer”• Small size allows it to be easily hidden• Attack from within rather than forcing your way through
  • 6. What attacks to do?• Whatever you want!• Sniff networks for information and passwords• See all internal network traffic• Try to shut down the network from within
  • 7. My first concept• It can be used as a cheap cluster for computing power – Useful in some context – Ability to gain a large amount of power at low cost• What next?
  • 8. What you can do• Route all the traffic through the Pi – MITM attacks• Packet sniff inside a network• VLAN Hopping• VoIP sniff
  • 9. Man In the Middle Attacks• Ability is built into Ettercap – DHCP spoofing – Arp Poisoning• All traffic will then run through your system• You can modify traffic as it runs through your system
  • 10. VLAN Hopping• You can check to see if there are other parts of the network, and listen on their traffic too• VoIP Hopper – Will act like a VoIP phone and look for other devices across the network – Listens for any traffic that signifies other VoIP devices• SIP crack – Crack passwords of VoIP device – Works similar to aircrack
  • 11. VoIP Attacks• When inside a network, why not listen in on their calls?• VoIPong – Allows user to sniff any calls on the network – Will record and output to .wav file for listening later
  • 12. Other options• Instead of wireless attacks, why not hardwire? – Surge protector + Raspberry Pi = Network Observation Device• Use it for the manufacturer’s intended purpose?
  • 13. Surge Protector Pi• For a small cost, you can set your Pi up inside a surge protector – Constant source of power – Inconspicuous – Hardwired Ethernet connectivity
  • 14. How to defend against this threat •Physical security •Monitor network traffic •Specifically search for traces of network sniffers
  • 15. How to defend against thedefenders•Spoof MAC address, andchange it periodically ifyou are within a network•Hide the device well•Don’t be afraid to losethe device
  • 16. How to prepare yourself• Obtain Pi• Setup the Pi – I recommend using PwnPi ( pwnpi.net )• Know your toolkit• Know your target and your goal• Figure out how you are going to power it
  • 17. The Drop-off• Dependent on who you are attacking• Use common sense, and be sneaky!• Know your options, and know your opponents
  • 18. Contact DJ• Palombo.dj@gmail.com• @DJPalombo – #ProjectRasPi• http://bit.ly/DJsLinkedIn
  • 19. Any Questions?