M-ETH: Man in the Middle Ethernet

Slides from the M-ETH presentation at LaCon'09

More information at Wintercore Labs' blog: http://blog.wintercore.com

  1. M-ETH: Man in the middle - ETHernet (Gabriel González García, LaCon 2009)
  2. • High-level Functionality
     • Demo – Live!
     • Detailed Description
  3. • Ethernet – PCI Card
     • Custom Development
     • Transparent for the user
  4. • Analyzes all of the host's traffic (in/out)
     • All the packets go through the MCU
     • Allows analyzing/modifying network traffic
  5. • Information forwarding
     • Content Filtering
     • IPS/IDS
     • Information Leaking Prevention
     • On-the-Fly File Modification
  6. LIVE!!
  7. • Components
     • M-ETH Architecture
     • Firmware
  8. • Chip (MAC + PHY) & PCI: DP 83816EX
     • (MAC + PHY) & SPI: ENC28J60
     • MCU (Embedded MAC): AVR32UC3A
  9. MAC, PHY
  10. • Ethernet Configuration
  11. • 4-wire Communication
  12. • FreeRTOS
      • Driver for the integrated MAC
      • Ethernet Driver ENC28J60
      • Custom Micro TCP/IP Stack
  13. • Two tasks running in parallel
        ◦ Ingress traffic
        ◦ Egress traffic
  14. 1. Packet Read
      2. Perform Action?
      3. If modified, regenerate checksums
      4. Send packet if not blocking
  15. Hey!! Any questions?
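
The four-step loop on slide 14, written out as an added example for an inline filter handling IPv4/TCP frames (this is not code from the M-ETH firmware). The function names, the "CONFIDENTIAL" marker, the port-23 block rule, the choice to drop malformed frames and the sample frame are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* RFC 1071 Internet checksum over len bytes, continuing from partial sum. */
static uint16_t inet_csum(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;               /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Step 3: regenerate the IPv4 header checksum and the TCP checksum. */
static void regen_checksums(uint8_t *ip, size_t ihl, size_t tcp_len) {
    uint8_t *tcp = ip + ihl;
    uint32_t pseudo = 6 + (uint32_t)tcp_len;           /* protocol + TCP length */
    for (int i = 12; i < 20; i += 2) pseudo += (uint32_t)(ip[i] << 8 | ip[i + 1]);
    put16(ip + 10, 0);  put16(ip + 10, inet_csum(ip, ihl, 0));
    put16(tcp + 16, 0); put16(tcp + 16, inet_csum(tcp, tcp_len, pseudo));
}

/* Steps 2-4 for a frame already read (step 1). Returns 1 = forward, 0 = block.
 * The marker, the port-23 rule and dropping malformed frames are assumptions. */
int meth_process(uint8_t *f, size_t len) {
    static const char marker[] = "CONFIDENTIAL";
    const size_t mlen = sizeof marker - 1;
    if (len < 54 || f[12] != 0x08 || f[13] != 0x00) return 1;   /* not IPv4 */
    uint8_t *ip = f + 14, *tcp;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = (size_t)(ip[2] << 8 | ip[3]);
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl + 20 || tot > len - 14) return 0;
    if (ip[9] != 6 || (ip[6] & 0x3f) || ip[7]) return 1; /* non-TCP or fragment */
    tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4, tcp_len = tot - ihl, hit = 0;
    if (doff < 20 || doff > tcp_len) return 0;
    if ((tcp[2] << 8 | tcp[3]) == 23) return 0;         /* step 2: block */
    for (size_t i = doff; i + mlen <= tcp_len; i++)
        if (memcmp(tcp + i, marker, mlen) == 0) {       /* step 2: modify */
            memset(tcp + i, '*', mlen); hit = 1;        /* same length */
        }
    if (hit) regen_checksums(ip, ihl, tcp_len);         /* step 3 */
    return 1;                                           /* step 4: forward */
}

/* Constructed sample: Ethernet + IPv4 + TCP to port 80, checksums unset. */
static uint8_t sample[] = { 2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,
    0x45,0,0,0x34, 0,1,0x40,0, 0x40,6,0,0, 10,0,0,1, 10,0,0,2,
    0xc0,0,0,0x50, 0,0,0,1, 0,0,0,1, 0x50,0x18,0xff,0xff, 0,0,0,0,
    'C','O','N','F','I','D','E','N','T','I','A','L' };
int main(void) { return meth_process(sample, sizeof sample) ? 0 : 1; }
```

The redaction keeps the payload length unchanged, so sequence numbers and the IP total length stay valid; a marker split across two segments is not caught by this per-frame check.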
