RE: Small hardware network sniffer - does it exist?

From: Isaac Van Name (ivanname@southerlandsleep.com)
Date: Mon Nov 06 2006 - 13:55:39 EST


The Soekris box seems the best solution. I've been reading the multiple
recommendations for using a Zaurus or BlackDog... and I have to disagree.
The BlackDog option requires a system that already has Linux or Windows on
it to operate, and it imposes its own OS on top of the one on the system;
while small, this would not seem to meet the need well. The Zaurus, while
small, seems a bit overkill... why pay around $1000 for a portable unit that
will be stationary when you can pay <$200 for a stationary unit that will do
the same thing?

I agree that BlackDog and the Zaurus are cool toys, and I'd love to buy them
to play with... but, if you look at the initial problem, then neither of
those meet the solution well. I'd say go with the Soekris.

Isaac Van Name
Systems Administrator

"What good would you do with an ignorant employee? Ignorance is grounds for
dismissal..." - Mario Spinthiras
 
Open Source developing at its finest:
"Written in vim, W3C valid and UTF-8 encoded, for her pleasure."
 
Disclaimer: This email is intended only to be used to feign intellectual
mastery of a subject or superhuman command of the English language, when
profanity is involved. By reading this email, you are agreeing to cease all
correspondence with the sender upon realizing your own ignorance, and
furthermore to refrain from taking legal action against said sender when
your compounding ignorance crushes your inadequate self-esteem. Have a nice
day.

Original> -----Original Message-----
Original> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
Original> On Behalf Of Javier Reyna Padilla
Original> Sent: Friday, November 03, 2006 6:01 AM
Original> To: FocusHacks
Original> Cc: Petr.Kazil@eap.nl; PenTest
Original> Subject: Re: Small hardware network sniffer - does it exist?
Original>
Original> That's exactly what I was going to recommend.
Original>
Original> 1. buy a soekris box
Original> 2. install linux on it
Original> 3. put network interfaces in bridge mode --- use bridge modules in
Original> kernel and bridge-utils
Original> 4. use iptables and ip-queue module
Original> 5. install snort and run with -Q switch
Original> 6. send all traffic from iptables to snort (snort-inline).
Original> 7. Cancel your social life
Original> 8. buy a ton of coffee for reading all logs/capture
Original> 9. have fun!
Original>
Original> FocusHacks wrote:
Original> > http://www.soekris.com/
Original> >
Original> > They have some pretty small machines that are essentially headless
Original> > 486s that can run BSD or Linux, and many of them have
Original> > power-over-ethernet, multiple NICs, WiFi ability, etc.
Original> >
Original> > On 11/2/06, Petr.Kazil@eap.nl <Petr.Kazil@eap.nl> wrote:
Original> >>
Original> >> I have ordered a few hardware keyloggers to play with
Original> >> (http://www.keelog.com/) and I was wondering if the same idea exists for
Original> >> networks?
Original> >> A device that you could tape under a desk, and that would act as a
Original> >> transparent bridge, sniffing all traffic.
Original> >>
Original> >> I know that you can use arp-spoofing to get a similar result (easier,
Original> >> better?), and I know about hardware network taps.
Original> >> But I'm still interested in the theoretical possibilities of
this idea.
Original> >>
Original> >> I have a few old laptops, but these have just one PCMCIA network card, so
Original> >> bridging is not possible (well, with the right kind of network cards you
Original> >> can get two in that slot - I'll see if you can still buy them). But
Original> >> laptops are too big and heavy.
Original> >>
Original> >> I've looked at microcontrollers with ethernet adapters, but here I find
Original> >> webserver appliances with just one network interface. They're small but I'm
Original> >> not sure if you could run an OS and a sniffer on them. I've looked at
Original> >> miniboards but they are very expensive, too expensive for "just a toy".
Original> >>
Original> >> But, considering that you can get a 2-cigarette-pack sized Pix-firewall,
Original> >> such hardware must exist. But I haven't found the right keywords yet. Any
Original> >> ideas?
Original> >>
Original> >> Greetings, Petr Kazil
Original> >>
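Step 8 of the quoted procedure is working through the snort output the inline bridge produces. As an added example that is not from this thread, the Python below parses snort's alert_fast line format (the regex is written against that documented format, and the sample alert lines are constructed) and tallies alerts by signature and by source address so the log can be triaged rather than read line by line:

```python
import re
from collections import Counter

# Layout of one alert_fast line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...]
#   [Priority: N] {PROTO} src[:sport] -> dst[:dport]
# The Classification field and the ports are optional in real output.
FAST_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?'
    r'\[Priority:\s*(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+'
    r'(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$'
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields['prio'] = int(fields['prio'])   # snort: 1 is the most severe
    return fields

def summarize(lines, max_priority_value=2):
    """Count alerts per (sid, msg) and per source, dropping anything whose
    priority number is larger (less severe) than max_priority_value.
    Returns (by_signature, by_source, unparsed_line_count)."""
    by_sig, by_src, skipped = Counter(), Counter(), 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            skipped += 1              # banner lines, wrapped lines, junk
            continue
        if alert['prio'] > max_priority_value:
            continue
        by_sig[(alert['sid'], alert['msg'])] += 1
        by_src[alert['src']] += 1
    return by_sig, by_src, skipped

# Constructed sample log; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE = """\
11/06-13:55:39.123456  [**] [1:1000001:1] CONSTRUCTED scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44321 -> 192.0.2.20:22
11/06-13:55:40.000001  [**] [1:1000001:1] CONSTRUCTED scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44322 -> 192.0.2.20:23
11/06-13:55:41.555555  [**] [1:1000002:1] CONSTRUCTED noisy rule [**] [Priority: 3] {ICMP} 192.0.2.30 -> 192.0.2.20
this line is not an alert
"""

if __name__ == "__main__":
    sigs, srcs, skipped = summarize(SAMPLE.splitlines())
    print(sigs.most_common(), srcs.most_common(), skipped)
```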

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:18 EDT