LIPAX 'inline' pentest linux distro, input needed.

From: Rob J Meijer (rmeijer@xs4all.nl)
Date: Thu May 19 2005 - 10:04:21 EDT


I've been looking a bit more at what would be needed for creating a
'in-line' pentest Linux distro aimed at small network appliances.
I've put together a webpage on the subject, and a list of software
packages that will need to be included in the system.

The current setup is built around 4 concepts.

1) The yet-to-be-implemented man-in-the-middle framework, combining different
   MITM techniques behind a generic API. The basic design of LIPAX will
   be thus that at startup, all traffic from all interfaces will always
   traverse the MITM framework. The user can build software that uses
   the MITM framework API.
2) The MITM framework will communicate with basic servers on localhost,
   allowing specific services to be diverted to these servers, while all
   other traffic is bridged transparently, or is made subject to configured
   MITM services.
3) A user can choose to take the system out of MITM mode, and configure
   the system using information gathered during MITM mode.
   After doing this, the user could run basic network analysis tools.
   The tools available are chosen such that as little as possible
   functionality is doubled, no 'hurt them BAD' kind of tools are
   included, and the distribution does not become just a bunch of
   freshmeat search results packed together into a 'big set of tools'.
4) The system should provide a complete development environment. As
   standard tools will scarcely be sufficient to complete a security
   audit, the system comes with a full development kit and networking
   libraries for C, C++ and Perl. The basic philosophy behind LIPAX is
   that we provide a limited set of tools for the basic stuff, and
   an extended set of libraries, frameworks and Perl modules that
   can be combined to tailor the distribution to provide exactly the
   functionality that you require.

I've put a page on LIPAX at:

   http://www.xs4all.nl/~rmeijer/inline.html

The list of software I would like to put on it is at:

   http://www.xs4all.nl/~rmeijer/pkg.txt

Just to make things clear, the MITM framework DOES NOT YET EXIST,
and I will not get started on it before I have the TRACS project up
and running.

I am just looking for input with respect to the required software.
The target for this Linux distribution will be the PC Engines WRAP systems
at first, followed by Soekris and myCable appliances, and the
target media will be (the fast version of) the 1024MB CF cards, keeping
approx. 300 or 400 MB free for user data and tools. I'll be using XFS
filesystems to compensate both for the limited speed of CF storage
and for the fact that the running system will get unplugged all the time.

Please let me know what you think of where I am heading with this.
I know that for myself, this concept would make for the ultimate
inline pentesting tool that meets all 'my' needs, but a wider audience
than just me, myself and I would be the main goal of making it into
a distribution. I am especially interested in what you all think about the
4 concepts that I would like to build this distribution on, and the
current content of pkg.txt describing what software should be included in
the distribution.



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:21 EDT