SoHo Honeypot (LUGS)


SoHo Honeypot presentation for LUGS 2005/04/16


  1. 1. SIG 2 SOHO Honeynet <ul><ul><li>Hacking Linksys router for fun and profit </li></ul></ul>
  2. 2. What we will cover <ul><li>The history of the project </li></ul><ul><li>Theory of operation </li></ul><ul><li>Getting and hacking the hardware </li></ul><ul><li>Custom firmware and OpenWRT </li></ul><ul><li>VPN </li></ul><ul><li>Firewall and routing </li></ul><ul><li>Call for participation </li></ul>
  3. 3. History of the project <ul><li>Officially started 11th January 2005 </li></ul><ul><li>Real work started beginning of March </li></ul><ul><li>Project leader: </li></ul><ul><ul><li>Michael Boman </li></ul></ul><ul><li>Project members: </li></ul><ul><ul><li>Rick Zhong </li></ul></ul><ul><ul><li>Eugene Teo </li></ul></ul>
  4. 4. Project goals <ul><li>Using cheap off-the-shelf hardware to increase the network size of honeynets </li></ul><ul><li>Make use of everyday people's always-on Internet (i.e. Cable / ADSL) </li></ul><ul><li>Make the system as simple as possible to configure and maintain </li></ul><ul><li>Must not interfere with normal Internet usage </li></ul>
  5. 6. Theory of Operation <ul><li>Use a router running Linux </li></ul><ul><ul><li>Open Source = Easy to Customize </li></ul></ul><ul><ul><li>Linux has a wide range of already existing tools </li></ul></ul><ul><ul><li>Project members are already familiar with Linux </li></ul></ul><ul><li>Establish a VPN to central honeynet </li></ul><ul><li>Redirect all traffic that should have been dropped by the firewall to central honeynet </li></ul>
  6. 7. Choosing hardware <ul><li>Linksys WRT54G </li></ul><ul><ul><li>125 MHz MIPS CPU </li></ul></ul><ul><ul><li>16 Mb RAM </li></ul></ul><ul><ul><li>4 Mb Flash </li></ul></ul><ul><li>Linksys WRT54GS </li></ul><ul><ul><li>125 MHz MIPS CPU </li></ul></ul><ul><ul><li>16 Mb RAM </li></ul></ul><ul><ul><li>8 Mb Flash </li></ul></ul>
  7. 8. Hacking the stock firmware <ul><li>Using the Linksys “ping” bug to enable boot_wait </li></ul><ul><ul><ul><li>;cp${IFS}*/*/nvram${IFS}/tmp/n </li></ul></ul></ul><ul><ul><ul><li>;*/n${IFS}set${IFS}boot_wait=on </li></ul></ul></ul><ul><ul><ul><li>;*/n${IFS}commit </li></ul></ul></ul><ul><ul><ul><li>;*/n${IFS}show>tmp/ping.log </li></ul></ul></ul>
  8. 9. Uploading custom firmware <ul><li>Configure tftp client </li></ul><ul><li>Power cycle the router </li></ul><ul><li>Upload the firmware using tftp </li></ul>
  9. 10. TFTP Session <ul><li>$ tftp 192.168.1.1 </li></ul><ul><li>tftp> binary </li></ul><ul><li>tftp> rexmt 1 </li></ul><ul><li>tftp> trace </li></ul><ul><li>Packet tracing on. </li></ul><ul><li>tftp> put <firmware file> </li></ul>
  10. 11. First boot <ul><li>Boot router in failsafe mode </li></ul><ul><li>Run the firstboot script to initialize the jffs2 partition </li></ul>
  11. 12. Using ipkg <ul><li>ipkg update </li></ul><ul><ul><li>Downloads the list of all available packages </li></ul></ul><ul><li>ipkg list </li></ul><ul><ul><li>List all available packages </li></ul></ul><ul><li>ipkg install <pkg> </li></ul><ul><ul><li>Installs a package </li></ul></ul><ul><li>ipkg remove <pkg> </li></ul><ul><ul><li>Removes a package </li></ul></ul>
  12. 13. Installing required software <ul><li>bridge </li></ul><ul><li>zlib </li></ul><ul><li>dnsmasq </li></ul><ul><li>dropbear </li></ul><ul><li>kmod-tun </li></ul><ul><li>lzo </li></ul><ul><li>openssl </li></ul><ul><li>openvpn </li></ul><ul><li>interface-wrt </li></ul><ul><li>kmod-iptables-extra </li></ul><ul><li>iptables-extra </li></ul><ul><li>iptables </li></ul><ul><li>ntpclient </li></ul>
  13. 14. Current known or suspected issues (aka the ToDo List) <ul><li>TTL inconstancy </li></ul><ul><li>Installation is not as simple as we want </li></ul><ul><li>Configuration is not as simple as we want </li></ul>
  14. 15. Call for participation <ul><li>Developers </li></ul><ul><ul><li>C (Applications / Linux kernel) </li></ul></ul><ul><ul><li>Ash shell script (Web GUI, helpers etc) </li></ul></ul><ul><li>Beta testers </li></ul><ul><ul><li>Have the required hardware </li></ul></ul><ul><ul><li>Willing to test new firmware and packages </li></ul></ul><ul><ul><li>Submit bug reports </li></ul></ul><ul><li>Documentation authors </li></ul>
  15. 16. Thank you <ul><li>Any questions? </li></ul>
  16. 17. URLs <ul><li>http://proxy.11a.nu/iwfc-soho-honeynet/ (temporary project home) </li></ul><ul><li>http://iwfc.security.org.sg/ </li></ul><ul><li>http://www.openwrt.org/ </li></ul>
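
Slide 8 enables boot_wait by placing shell metacharacters (`;`, `${IFS}`, `*`, `>`) in the stock firmware's ping field. The following C code is an added example, not taken from the slides, Linksys or OpenWrt; the function names are hypothetical. It shows the check a ping diagnostic handler needs so that the four strings on that slide are rejected, and it runs ping through an argv array so no shell ever parses the target.

```c
/* Added illustration: validate a web-UI "ping" target and run ping without
 * a shell. Hypothetical function names; not Linksys or OpenWrt code. */
#include <arpa/inet.h>
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only an IPv4 literal or a plain DNS hostname (letters, digits,
 * '-' and '.'). Anything a shell could interpret is rejected. */
int is_safe_ping_target(const char *s)
{
    struct in_addr addr;
    size_t len = strlen(s);
    size_t i;

    if (len == 0 || len > 253)
        return 0;
    if (inet_pton(AF_INET, s, &addr) == 1)
        return 1;
    if (s[0] == '-' || s[0] == '.')      /* must not look like an option */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

/* Run "ping -c 1 <target>" via execlp: the target is a single argv entry,
 * so ';', '$', '{', '*' and '>' are never expanded by a shell. */
int run_ping(const char *target)
{
    int status = 0;
    pid_t pid;

    if (!is_safe_ping_target(target))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", target, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```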
