Is your network firewall backdoor open?

This is almost going to sound like the basis for a script from the old “Mission Impossible” TV show. First, a little preparation. If you work for a company or have lots of computers where you live, most likely (at least I hope so) there is a device to control what comes into your network. In general this is called a network firewall. Firewalls are set up to keep the bad guys on the outside out. What they do not do is control what goes from inside the network to the outside.

If a person or persons want access to your network, trying to get through the firewall is the hardest way in. If they can put a device on the inside of your network, then they have you lock, stock and barrel. Somehow they get physical access to your facilities and install what is known as a man-in-the-middle device. At that point your firewall is worthless.

Traditionally, man-in-the-middle devices were built from old wifi routers running modified firmware. Generally you had to be nearby to have access to those units. Today, with the new embedded processors, they are so small that they can be hidden anywhere on the network. Only a trained eye or a skilled network administrator can detect these devices.

Today this same technique has become a lot more sophisticated. Persons wanting access to your network will usually rent or lease a third-party server. With this server, a connection from the man-in-the-middle device is much easier. In most cases they will surreptitiously set up a second man-in-the-middle device at another location that also connects to the third-party server. In fact, this is best done at a victim’s competitor’s location, so that it is less likely to be detected and the competitor gets all the heat.

Because the persons wanting access to your network do not have to be on the competitor’s site either, a wifi (aka wireless) connection is used so that everything can be monitored off-site. That means emails, passwords, documents and general network traffic can all be monitored in safety. This is sometimes called sniffing.

Moral of the story: you need to physically monitor all internal network connections at desks, in data closets, or anywhere else there is access to the network. Make sure anyone working on the network is authorized to do so. Secondly, data going through the network has to be scrutinized as well. One good way to see if there is a man in the middle attached somewhere is to disconnect the network at the desktop and see if there is still network traffic on that connection.

If there is, you will have to decide what to do next. You could disconnect it, but that alerts the intruders and they will be gone immediately. Or you could isolate that one network connection and set up what is known as a honey pot to keep their attention until the appropriate persons can be apprehended. One early, good example of this is documented in a book called “The Cuckoo’s Egg”. In any case, you should alert the authorities immediately.
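As an added example that is not from the original post, here is a small Python check that automates part of the “scrutinize the connections” advice above: it reads a switch’s MAC address table and flags any device that is not in your asset inventory, plus any desk drop that suddenly carries more than one device. The table dump, the inventory and every MAC address in it are constructed for the example, and the three-column “VLAN MAC PORT” layout is an assumption, so the regex will need adapting to your switch’s real output.

```python
"""Flag devices on the internal network that are not in the asset inventory.

Added example (not code from the original post). The MAC table dump, the inventory
and every address below are constructed for illustration; the three-column layout
"VLAN MAC PORT" is an assumption, so adapt the regex to your switch's real output.
"""
import re
from collections import defaultdict

# Constructed sample: a switch MAC-address table as it might be pasted from a
# "show mac address-table"-style command. Note that port Gi1/0/2, a single desk
# drop, now reports two MAC addresses.
MAC_TABLE = """\
VLAN  MAC Address         Port
----  -----------------   -------
10    00:1a:2b:3c:4d:5e   Gi1/0/1
10    00:1a:2b:3c:4d:5f   Gi1/0/2
10    b8:27:eb:12:34:56   Gi1/0/2
20    00:1a:2b:3c:4d:60   Gi1/0/5
"""

# Constructed inventory: MAC addresses we issued, with their asset names.
INVENTORY = {
    "00:1a:2b:3c:4d:5e": "desk-101-pc",
    "00:1a:2b:3c:4d:5f": "desk-102-pc",
    "00:1a:2b:3c:4d:60": "printer-2nd-floor",
}

# Constructed: desk drops that should carry exactly one device.
SINGLE_DEVICE_PORTS = {"Gi1/0/1", "Gi1/0/2"}

MAC_LINE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(\S+)\s*$", re.IGNORECASE
)


def parse_mac_table(text):
    """Return (vlan, mac, port) tuples; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = MAC_LINE.match(line)
        if match:
            entries.append((int(match.group(1)), match.group(2).lower(), match.group(3)))
    return entries


def find_anomalies(entries, inventory, single_device_ports):
    """Report MACs missing from the inventory and single-device ports showing several MACs."""
    unknown = []
    macs_by_port = defaultdict(list)
    for vlan, mac, port in entries:
        macs_by_port[port].append(mac)
        if mac not in inventory:
            unknown.append({"vlan": vlan, "mac": mac, "port": port})
    crowded = {
        port: macs
        for port, macs in macs_by_port.items()
        if port in single_device_ports and len(macs) > 1
    }
    return {"unknown_macs": unknown, "crowded_ports": crowded}


if __name__ == "__main__":
    report = find_anomalies(parse_mac_table(MAC_TABLE), INVENTORY, SINGLE_DEVICE_PORTS)
    for item in report["unknown_macs"]:
        print(f"UNKNOWN device {item['mac']} on {item['port']} (VLAN {item['vlan']}): go look at that drop")
    for port, macs in report["crowded_ports"].items():
        print(f"PORT {port} should have one device but shows {len(macs)}: {', '.join(macs)}")
```

On the constructed data this reports the unknown address on Gi1/0/2 and the fact that that drop now shows two devices. A purely passive inline tap that only forwards frames will not appear in the MAC table at all, which is exactly why the physical test in the post (unplug the desktop and watch whether traffic continues on that drop) still matters alongside any script like this.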

———————————

Oracle wanted beellions and beellions of dollars (in a Carl Saganist tone) for these few lines of code. Anyone could have written this “generic” code. It is almost like a generic example of the throw statement from a Java manual:

private static void rangeCheck(int arrayLen, int fromIndex, int toIndex) {
    if (fromIndex > toIndex)
        throw new IllegalArgumentException("fromIndex(" + fromIndex +
                ") > toIndex(" + toIndex + ")");
    if (fromIndex < 0)
        throw new ArrayIndexOutOfBoundsException(fromIndex);
    if (toIndex > arrayLen)
        throw new ArrayIndexOutOfBoundsException(toIndex);
}

The fat lady should sing on Monday. Meellions and meellions are poised to burn their Java textbooks. Meellions and meellions could be poised to dump their Oracle stock.

———————————

Accessing other Linux boxes can be really easy. You will want to have ssh and sshfs installed; use your package manager to add those. You will also want to have your public ssh key installed on all the servers you want to access (http://www.instructables.com/id/Linux-setup-for-SSH-password-less-login/).

So open up your file manager.

You have heard of the ftp and http prefixes that you use in your web browser. With the file manager, you are browsing files instead of websites, and you can use a special prefix, sftp (as in sftp://servername), to browse files on other systems. Once the server name is typed in and the system has had a chance to connect, you will automatically get options to enter other directories.

Choose the directory you want and press enter. There are the files you were searching for.

And lastly, you should get a new icon on the desktop as a shortcut to the server/directory you have essentially mapped.

———————————

A while back we talked about computer systems having five parts. One of those parts is the software. Software can be divided into two categories. Operating systems control and interface with the hardware. Application software allows users to solve problems. The application software cannot run without the operating system.

Our focus will be on the operating system and how it starts up. Most traditional systems have what is known as a BIOS (basic input output system) that does the most basic interaction with the hardware. Newer systems use EFI, which is a whole other animal. The BIOS’s primary purpose is to let software easily interact with the motherboard and to load an operating system that has more power to interact with the hardware. You turn on the machine and the BIOS cycles through the available hardware looking for an operating system to load. Specifically, it looks for what is known as a boot loader, a small part of the media that can chain-load the operating system.

Here we will use a virtual machine to simulate the booting of a machine.  Let’s make a virtual floppy.

$ sudo mkdosfs -C newdisk.img 1440
mkdosfs 3.0.12 (29 Oct 2011)

Now that we have a virtual floppy disk we must create a boot loader. We will type some code that will be converted to the binary ones and zeros the computer understands. You will need a program known as nasm to complete this process. Here is the code:

helloboot.asm:

BITS 16                 ;Tells the assembler that this is 16-bit code

mov ax, 07C0h           ;The BIOS loads the boot sector at physical address 0x7C00. With the
mov ds, ax              ;default origin of 0, setting DS to 07C0h makes our data offsets correct.

mov si, bootstring      ;Store the string pointer in SI
call print_string

jmp $                   ;Infinite loop, hang it here. Not normally what you want to do.

bootstring db "[ ---", 10, 13, "[ Your computer booted!", 10, 13, "[ ---", 13, 0

print_string:           ;Print the string SI points to on the screen, one character at a time

mov ah, 0Eh             ;Tell the BIOS (int 10h, function 0Eh) that we want to print the character in AL

.loop:                  ;Print a character at a time until all characters are printed.
lodsb                   ;Load a byte from [DS:SI] into AL and advance SI
cmp al, 0               ;The 0 appended to the end of the string tells us when to quit
je .finish              ;End of loop
int 10h                 ;Print that character
jmp .loop               ;Do it again

.finish:

ret                     ;End of call

times 510-($-$$) db 0   ;Fill the rest of the sector with 0
dw 0AA55h               ;To be a valid boot sector, the two-byte sequence 0x55, 0xAA
                        ;(called the boot sector signature) must be the last two bytes of the sector.

You will need a text editor to type in (or cut and paste) the code so we can convert it. Using nasm, let’s convert the source code to a binary file that can be executed from the floppy.

$ nasm -f bin -o helloboot.bin helloboot.asm

Now that we have the binary file helloboot.bin, it needs to be installed on the virtual floppy at the very beginning of the media, where the BIOS will look for it.

$  sudo dd if=helloboot.bin of=newdisk.img conv=notrunc
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.000335593 s, 1.5 MB/s

Now we need to try it out. So fire up your virtual machine (aka VM). Qemu is a popular, easy-to-get virtual machine program you can use for this project. Set your VM to boot from the virtual floppy disk and choose newdisk.img as the floppy file to boot from.

Now launch the virtual machine and, ta-da, you have loaded your boot sector. On a real system, what happens next is that the boot sector loads a kernel and then the operating system takes over. More about that later.

Code without the comments:

BITS 16
mov ax, 07C0h
mov ds, ax
mov si, bootstring
call print_string
jmp $
bootstring db "[ ---", 10, 13, "[ Your computer booted!", 10, 13, "[ ---", 13, 0
print_string:
mov ah, 0Eh
.loop:
lodsb
cmp al, 0
je .finish
int 10h
jmp .loop
.finish:
ret
times 510-($-$$) db 0
dw 0AA55h
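As an added example that is not part of the original post, here is a Python inspector for the first sector of a disk image. It checks the 512-byte length and the 0x55, 0xAA signature the listing ends with, tells a FAT-style boot sector (short jump plus OEM name, as mkdosfs writes) apart from arbitrary code, and lists the printable strings, so you can see that after the dd step the FAT header is gone and the boot message sits in its place. Instead of reading newdisk.img it builds two sample sectors inline: a constructed stub of a FAT-style sector (placeholder OEM name, no real BIOS Parameter Block) and a hand-assembled version of helloboot.asm. The machine-code bytes are my own hand assembly of the listing above, an assumption to compare against your nasm output rather than to trust blindly.

```python
"""Inspect the first sector of a disk image: valid boot sector or not, and what is in it.

Added example, not code from the original post. Both sample sectors are constructed
inline so the script runs without newdisk.img; for a real image use
inspect_boot_sector(open("newdisk.img", "rb").read()).
"""

SECTOR_SIZE = 512
# The listing ends with "dw 0AA55h"; stored little-endian that is the bytes 55 AA.
SIGNATURE = b"\x55\xaa"


def printable_strings(data, min_len=4):
    """Return runs of printable ASCII at least min_len long (like the strings tool)."""
    found, run = [], bytearray()
    for byte in data:
        if 32 <= byte < 127:
            run.append(byte)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def inspect_boot_sector(data):
    """Summarise the first 512 bytes of an image."""
    sector = bytes(data[:SECTOR_SIZE])
    return {
        "full_sector": len(sector) == SECTOR_SIZE,
        "signature_ok": sector[SECTOR_SIZE - 2:] == SIGNATURE,
        # FAT boot sectors begin with a short or near jump (EB xx 90 / E9 xx xx)
        # over the BIOS Parameter Block, followed by an 8-byte OEM name.
        "fat_style_jump": sector[:1] in (b"\xeb", b"\xe9"),
        "oem_name": sector[3:11].decode("ascii", "replace"),
        "strings": printable_strings(sector),
    }


def build_fat_stub_sector():
    """Constructed stand-in for what mkdosfs leaves in sector 0: jump, OEM name,
    zeroed body (a real one carries a BIOS Parameter Block here), signature."""
    head = b"\xeb\x3c\x90" + b"MKDOSFS "      # placeholder OEM name, 8 bytes
    return head + b"\x00" * (SECTOR_SIZE - 2 - len(head)) + SIGNATURE


# Hand assembly of helloboot.asm from the post (assumption: verify against
# `nasm -f bin` output). Offsets: bootstring at 0x0D, print_string at 0x34.
HELLO_CODE = bytes([
    0xB8, 0xC0, 0x07,   # mov ax, 07C0h
    0x8E, 0xD8,         # mov ds, ax
    0xBE, 0x0D, 0x00,   # mov si, bootstring
    0xE8, 0x29, 0x00,   # call print_string   (rel16 from the next instruction)
    0xEB, 0xFE,         # jmp $
])
BOOTSTRING = b"[ ---\n\r[ Your computer booted!\n\r[ ---\r\x00"   # db "[ ---", 10, 13, ...
PRINT_STRING = bytes([
    0xB4, 0x0E,         # mov ah, 0Eh
    0xAC,               # .loop: lodsb
    0x3C, 0x00,         # cmp al, 0
    0x74, 0x04,         # je .finish
    0xCD, 0x10,         # int 10h
    0xEB, 0xF7,         # jmp .loop
    0xC3,               # .finish: ret
])


def build_hello_sector():
    """Pad the hand-assembled code to 510 bytes and append the signature,
    exactly what 'times 510-($-$$) db 0' and 'dw 0AA55h' do."""
    body = HELLO_CODE + BOOTSTRING + PRINT_STRING
    return body + b"\x00" * (SECTOR_SIZE - 2 - len(body)) + SIGNATURE


if __name__ == "__main__":
    for name, sector in (("fresh mkdosfs image", build_fat_stub_sector()),
                         ("after dd of helloboot.bin", build_hello_sector())):
        print(name, inspect_boot_sector(sector))
```

The “fresh” stub reports a FAT-style jump and an OEM name; the hello sector reports a valid signature but no FAT jump, and its strings are the three lines of the boot message. That is the trade-off the dd step makes: the image still boots, but the FAT filesystem mkdosfs created is no longer mountable because its header was overwritten.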

———————————

Pork chops with home made gravy, green pea salsa, cucumber/celery salad, toast, with a bit of home made banana bread. Orange juice to drink.

Good day!
