Joi Ito's Web

Joi Ito's conversation with the living web.

When the WiFi network went down at FiRe and Max quickly mapped out the network, grabbed a free IP address and started hunting for the rogue network, it was useful and cool. I hadn't messed around with "security tools" recently so I decided to spend one hour searching for some tools that would work on my Mac.

First I downloaded trusty nmap which scans your network for computers, does an OS fingerprint and will often find the name, revealing the owner. It will also do quiet portscans to see what services are running on the machines.

Then I found ettercap. (The latest version doesn't run properly on OS X; use version 0.6.7.) This is a full-featured packet sniffer with an easy-to-use interface. It is unique in that instead of doing plain IP sniffing, it uses ARP hacking and MAC address spoofing to allow you to sniff across switches. It has a variety of "plug-ins" that let you easily capture email, passwords and keyword-filtered bits and pieces into files or onto the screen. It lets you insert your own text into connections, so you could for instance type a command into someone's telnet session. Of course you can also terminate other people's sessions and connections. Another interesting feature in the recent release is that you can now sniff SSH1 sessions. (Lucky for Dan we installed SSH2 on his computer.)
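The ARP trick described above leaves a trace on every victim: the gateway's entry in the local ARP cache suddenly points at a different MAC address, and that MAC usually also answers for the attacker's own IP. The following is an added example (my own code, not part of the original post or of ettercap) that parses two constructed snapshots of macOS/BSD `arp -an` output and flags exactly those two patterns. The IPs and MACs are made up, and the gateway address is a parameter.

```python
"""Flag ARP-cache changes that look like MAC spoofing (added example, not from the original post)."""
import re
from collections import defaultdict

# Matches macOS/BSD `arp -an` lines such as
#   ? (192.168.1.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
# Incomplete entries print "(incomplete)" in place of the MAC.
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]+|\(incomplete\))", re.I)


def normalize_mac(mac: str) -> str:
    """macOS prints unpadded octets ("0:11:..."); pad them so snapshots compare cleanly."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def parse_arp_table(text: str) -> dict:
    """Return {ip: mac} from `arp -an` output, skipping incomplete entries."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m or m.group("mac").startswith("("):
            continue
        table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table


def find_anomalies(before: dict, after: dict, gateway_ip: str) -> list:
    """Compare two snapshots and return a list of (kind, ...) alert tuples."""
    alerts = []
    # 1. An IP whose MAC changed between snapshots: the signature of a poisoned entry.
    for ip, mac in after.items():
        old = before.get(ip)
        if old and old != mac:
            alerts.append(("mac_changed", ip, old, mac))
    # 2. One MAC answering for several IPs including the gateway: the spoofing host
    #    keeps its own entry while also claiming the gateway's address.
    by_mac = defaultdict(set)
    for ip, mac in after.items():
        by_mac[mac].add(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            alerts.append(("gateway_mac_shared", gateway_ip, mac, sorted(ips)))
    return alerts


# Constructed snapshots: the second one shows the gateway entry rewritten to the
# MAC already used by 192.168.1.40, as it would look after ARP poisoning.
BEFORE_SNAPSHOT = """\
? (192.168.1.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.1.23) at aa:bb:cc:dd:ee:ff on en0 ifscope [ethernet]
? (192.168.1.40) at de:ad:be:ef:0:1 on en0 ifscope [ethernet]
? (192.168.1.77) at (incomplete) on en0 ifscope [ethernet]
"""
AFTER_SNAPSHOT = """\
? (192.168.1.1) at de:ad:be:ef:0:1 on en0 ifscope [ethernet]
? (192.168.1.23) at aa:bb:cc:dd:ee:ff on en0 ifscope [ethernet]
? (192.168.1.40) at de:ad:be:ef:0:1 on en0 ifscope [ethernet]
? (192.168.1.77) at (incomplete) on en0 ifscope [ethernet]
"""

if __name__ == "__main__":
    for alert in find_anomalies(parse_arp_table(BEFORE_SNAPSHOT),
                                parse_arp_table(AFTER_SNAPSHOT), "192.168.1.1"):
        print(alert)
```

Run it against real output by piping `arp -an` into the parser every minute and keeping the previous result. A host that legitimately owns several addresses (a router with VRRP, a laptop with a VM bridge) will trip the second rule, so treat the alerts as a prompt to check the switch's MAC table rather than as proof on their own.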

ettercap README
5.4.4 SSH1 MAN-IN-THE-MIDDLE

When the connection starts (remember that we are the master-of-packets, all packets go through ettercap) we substitute the server public key with one generated on the fly and save it in a list so we can remember that this server has been poisoned before.

Then the client sends the packet containing the session key ciphered with our key, so we are able to decipher it and sniff the real 3DES session key. Now we encrypt the packet with the correct server public key and forward it to the SSH daemon.

The connection is established normally, but we have the session key!! Now we can decrypt all the traffic and sit down watching the stream! The connection will remain active even if we exit from ettercap, because ettercap doesn't proxy it (like dsniff). After the exchange of the keys, ettercap is only a spectator... ;)
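The README's attack works because the client encrypts the session key to whatever public key it was just handed. The defence is on the client: pin the server's key the first time it is seen and refuse to proceed, before anything is encrypted, if a later connection presents a different one. As an added example (mine, not ettercap's or the post's), here is that check in miniature: a trust-on-first-use store standing in for `~/.ssh/known_hosts`, fingerprints in the OpenSSH `SHA256:` base64 format, and constructed byte strings in place of real RSA key blobs.

```python
"""Host-key pinning check that stops key substitution (added example, not from the original post)."""
import base64
import hashlib


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the raw key blob, base64 without '=' padding."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class KnownHosts:
    """In-memory stand-in for ~/.ssh/known_hosts (constructed for this example)."""

    def __init__(self):
        self._pins = {}  # host -> fingerprint recorded on first contact

    def verify(self, host: str, presented_key: bytes) -> str:
        fp = fingerprint(presented_key)
        pinned = self._pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so record and continue.
            # This is the one window the README's attack still has; closing it
            # means confirming the fingerprint out of band.
            self._pins[host] = fp
            return "new"
        return "ok" if fp == pinned else "mismatch"


def client_connect(known: KnownHosts, host: str, presented_key: bytes):
    """Decide whether the client may go on to encrypt its session key to presented_key.

    Returns (proceed, verdict). The decision has to happen here, before the session
    key is ever encrypted, because once it is sent there is nothing left to protect.
    """
    verdict = known.verify(host, presented_key)
    if verdict == "mismatch":
        return False, verdict  # abort: session key is never encrypted to the substituted key
    return True, verdict


# Constructed stand-ins for the real server key and the one generated on the fly.
REAL_SERVER_KEY = b"ssh-rsa-blob:real-server:example"
SUBSTITUTED_KEY = b"ssh-rsa-blob:generated-on-the-fly:example"


def demo():
    """First contact pins the real key; a later substituted key is rejected."""
    known = KnownHosts()
    first = client_connect(known, "shell.example", REAL_SERVER_KEY)
    second = client_connect(known, "shell.example", REAL_SERVER_KEY)
    attacked = client_connect(known, "shell.example", SUBSTITUTED_KEY)
    return first, second, attacked


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The third call is the README's scenario: a different key is presented for a host the client already knows, and the session key stays on the client. Real SSH clients do the same comparison; what turns it into a working protection is not clicking through the "host key has changed" warning and checking the fingerprint on the first connection through a channel the network cannot rewrite.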

I also googled around a bit and found a WEP key cracker for WiFi and a password cracker for Unix and Windows passwords that all seemed easy enough to run.

My point is, an old fart like me with some curiosity and an hour's work was able to load up enough gear onto my Mac to do the basics. With a bit more time and skill, I could probably find the exploits so I could break into the computers I found on the network instead of just watching and messing with their connections.

If you want to feel safe using a WiFi network, AT LEAST use SSH2 port forwarding, PGP and some security on your network like a Sputnik with security turned on.

I met blogger Stefan Smalla at FiRe and just when I was feeling guilty for not blogging any of the actual content, I noticed that Stefan did a great job. Thanks!

Got my Technorati bot done this morning. It checks Technorati through the XML API every 10 minutes for my cosmos. If there is a new inbound link to my blog, it sends me an email and a Jabber chat message with the details. Used technorati.py by Mark Pilgrim and jabberpy0.4-0. Now I can make Jabber bots. Beware beware. ;-)

Just got back and posted photos from the secret retreat in Appenzell here. The artifacts from my camera are still mildly visible. Drat!

I'm at the Zurich airport now at an Internet kiosk so I can't upload the pictures, but I spent the day yesterday in the mountains of Switzerland hiking, moblogging under the surveillance of the goats and cows with my PowerBook on my back. It was REALLY tiring, but REALLY beautiful. We all stood at the top of the mountain as the sun set and we had a 360-degree view of the countryside around us. At the apex of the mountain was a very old inn where 20 or so etoy agents, bitflux bloggers, and St. Gallen University students met up for a mountain-top secret conference. Apologies to those who responded to my blog entry but couldn't make it. Hats off to Michael who actually made it.

It was 10pm when we started and considering how exhausted we were from the (for some people 3 hour) hike up the mountain, the discussion was interesting and heated. We talked about art, open source software, architecture, the future of etoy and of course a little about blogging.

It was great to put faces behind some of the names I come across on the blogs. Blogging in Europe is starting to take off and I think the bitflux folks and others will lead the pack. Maybe they can help us make wikis more cool looking. ;-)

Anyway, I'm offline again for 12 hours or so while I make my way back to Tokyo...