Re: Small hardware network sniffer - does it exist?

From: Javier Reyna Padilla (jreyna@onlinet.com.mx)
Date: Fri Nov 03 2006 - 07:00:48 EST


That's exactly what I was going to recommend.

1. buy a soekris box
2. install Linux on it
3. put network interfaces in bridge mode --- use bridge modules in
kernel and bridge-utils
4. use iptables and ip-queue module
5. install snort and run with -Q switch
6. send all traffic from iptables to snort (snort-inline).
7. Cancel your social life
8. buy a ton of coffee for reading all logs/capture
9. have fun!

FocusHacks wrote:
> http://www.soekris.com/
>
> They have some pretty small machines that are essentially headless
> 486s that can run BSD or Linux, and many of them have
> power-over-ethernet, multiple NICs, WiFi ability, etc.
>
> On 11/2/06, Petr.Kazil@eap.nl <Petr.Kazil@eap.nl> wrote:
>>
>> I have ordered a few hardware keyloggers to play with
>> (http://www.keelog.com/) and I was wondering if the same idea exists for
>> networks?
>> A device that you could tape under a desk, and that would act as a
>> transparent bridge, sniffing all traffic.
>>
>> I know that you can use arp-spoofing to get a similar result (easier,
>> better?), and I know about hardware network taps.
>> But I'm still interested in the theoretical possibilities of this idea.
>>
>> I have a few old laptops, but these have just one PCMCIA network card, so
>> bridging is not possible (well, with the right kind of network cards you
>> can get two in that slot - I'll see if you can still buy them). But
>> laptops are too big and heavy.
>>
>> I've looked at microcontrollers with ethernet adapters, but here I find
>> webserver appliances with just one network interface. They're small but I'm
>> not sure if you could run an OS and a sniffer on them. I've looked at
>> miniboards but they are very expensive, too expensive for "just a toy".
>>
>> But, considering that you can get a 2-cigarette-pack sized Pix-firewall,
>> such hardware must exist. But I haven't found the right keywords yet. Any
>> ideas?
>>
>> Greetings, Petr Kazil
>>
>>
>> ------------------------------------------------------------------------
>> This List Sponsored by: Cenzic
>>
>> Need to secure your web apps?
>> Cenzic Hailstorm finds vulnerabilities fast.
>> Click the link to buy it, try it or download Hailstorm for FREE.
>> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>>
>> ------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:17 EDT