The Tezro as a security device

Thaidog
Posts: 182
Joined: Mon Dec 13, 2004 11:19 pm

Post by Thaidog » Tue Jan 04, 2005 5:12 am

Wow, the Tezro sure does have a lot of throughput... It occurred to me the other day that you could put the Tezro on my entire company's network (at our one building, that is) and probably monitor all network traffic in real time and maybe even decrypt and re-encrypt weak Lotus mail encryption on the fly with it.

Has anybody here heard of any organizations using the Tezro for more than just NLE?

chervarium
Posts: 349
Joined: Fri Jan 09, 2004 4:02 am
Location: Sofia, BG, EU

Post by chervarium » Fri Jan 07, 2005 5:34 pm

You CANNOT do that in a properly switched network environment (with separated VLANs, per-port authentication to activate the port, IPs-to-MAC-to-port maps, etc.). My switches will simply turn the offending port off upon sensing any illegal activities (expecting me to manually restart the port and LART the offender).
LAMMEN GORTHAUR

themacosxflies
Posts: 943
Joined: Fri Apr 09, 2004 6:53 am
Location: great empire in the distant past

Post by themacosxflies » Sat Jan 08, 2006 6:19 am

Thaidog, so you don't need that Tezro anymore, right? cough cough :D :wink:
We are here on Earth to do good to others. What the others are here for, I don't know.

Thaidog
Posts: 182
Joined: Mon Dec 13, 2004 11:19 pm

Post by Thaidog » Fri Jan 14, 2005 5:19 pm

themacosxflies wrote: Thaidog, so you don't need that Tezro anymore, right? cough cough :D :wink:


It's such a nice machine... I would have more fun on it being artistic I think.... but it would be fun for hacking too.

ian_finder
Posts: 180
Joined: Mon Jul 04, 2005 2:04 pm

Re: The Tezro as a security device

Post by ian_finder » Sat Jul 09, 2005 12:25 pm

Thaidog wrote: Wow, the Tezro sure does have a lot of throughput... It occurred to me the other day that you could put the Tezro on my entire company's network (at our one building, that is) and probably monitor all network traffic in real time and maybe even decrypt and re-encrypt weak Lotus mail encryption on the fly with it.

Has anybody here heard of any organizations using the Tezro for more than just NLE?


So what kind of software do you use to monitor that stuff automatically and re-encrypt stuff going in and out? I may want to try that on my LAN for fun. I know about Ethereal and stuff, but that's not automatic out of the box.
:OnyxR: :Crimson: :Onyx: :O2000: :ChallengeL: :Onyx2: :PI: :Indigo2: :Indigo2IMP: :Indy: :Octane2: :Octane: :Indigo: :O2: :1600SW: :pdp8e: :Cube:

DraconianTimes
Posts: 205
Joined: Fri Mar 05, 2004 4:39 am
Location: Leafy Surrey, UK

Post by DraconianTimes » Mon Jan 23, 2006 7:09 am

chervarium wrote: You CANNOT do that in a properly switched network environment (with separated VLANs, per-port authentication to activate the port, IPs-to-MAC-to-port maps, etc.). My switches will simply turn the offending port off upon sensing any illegal activities (expecting me to manually restart the port and LART the offender).


Bandwidth limitations aside, could you not configure one of the ports as a mirror/diagnostics port to copy all packets down to the chosen box for observation? (Much in the same way as many corps do for their IDS systems...)

khalidschofield
Posts: 542
Joined: Thu May 06, 2004 6:18 am

Post by khalidschofield » Wed Jan 25, 2006 2:19 am

You can "sniff" properly switched networks, as I do it :)

You need to look at ARP database poisoning, heehee. I do that here at Oxford all the time when machines do strange things on my subnet and they are in remote sites. I send them spoofed ARP data saying I'm the router, then I forward the packets to the real router after sniffing them.

I use arpspoof, which is distributed in the GNU package "dsniff"; also there is a mail sniffer in there, but I have no such use for a mail sniffer (it's probably illegal to sniff mail too).
############################
Re-install with OpenBSD :)
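
Added example, not part of any post in this thread: a minimal sketch of the IP-to-MAC-to-port check chervarium describes, run over ARP replies of the kind khalidschofield's spoofed "I'm the router" traffic would produce. The binding table, log format, port names and addresses are all constructed for illustration.

```python
from collections import namedtuple

# Constructed binding table (assumption): IP -> (MAC, switch port) the admin expects.
BINDINGS = {
    "10.0.0.1":  ("00:00:5e:00:53:01", "uplink"),  # router
    "10.0.0.20": ("00:00:5e:00:53:20", "gi0/2"),
    "10.0.0.30": ("00:00:5e:00:53:30", "gi0/3"),
}

# Constructed sample of ARP replies as a sensor might record them
# (hypothetical format): "<time> <ingress port> <sender IP> is-at <sender MAC>"
SAMPLE_LOG = """\
12:00:01 uplink 10.0.0.1 is-at 00:00:5e:00:53:01
12:00:02 gi0/2 10.0.0.20 is-at 00:00:5e:00:53:20
12:00:05 gi0/3 10.0.0.1 is-at 00:00:5e:00:53:30
12:00:06 gi0/3 10.0.0.30 is-at 00:00:5e:00:53:30
12:00:07 gi0/3 10.0.0.1 is-at 00:00:5e:00:53:30
12:00:09 gi0/4 10.0.0.40 is-at 00:00:5e:00:53:40
"""

Alert = namedtuple("Alert", "time port ip mac reason")

def check_arp_replies(log_text, bindings):
    """Compare each ARP reply with the expected IP-to-MAC-to-port binding."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "is-at":
            continue  # skip malformed lines
        time, port, ip, mac = parts[0], parts[1], parts[2], parts[4].lower()
        expected = bindings.get(ip)
        if expected is None:
            alerts.append(Alert(time, port, ip, mac, "unknown IP"))
        elif mac != expected[0]:
            # Another station claims an IP bound elsewhere, e.g. the router's.
            alerts.append(Alert(time, port, ip, mac, "MAC mismatch"))
        elif port != expected[1]:
            alerts.append(Alert(time, port, ip, mac, "wrong port"))
    return alerts

def ports_to_disable(alerts):
    """Ports that sent replies contradicting a known binding."""
    return sorted({a.port for a in alerts
                   if a.reason in ("MAC mismatch", "wrong port")})

if __name__ == "__main__":
    found = check_arp_replies(SAMPLE_LOG, BINDINGS)
    for a in found:
        print(f"{a.time} {a.port}: {a.ip} is-at {a.mac} ({a.reason})")
    print("disable:", ports_to_disable(found))
```

Unknown addresses are reported but do not trigger a shutdown here; only replies that contradict an existing binding do.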

DraconianTimes
Posts: 205
Joined: Fri Mar 05, 2004 4:39 am
Location: Leafy Surrey, UK

Post by DraconianTimes » Thu Feb 09, 2006 3:44 am

khalidschofield wrote: ... also there is a mail sniffer in there but I have no such use for a mail sniffer (it's probably illegal to sniff mail too).


In the UK that would be an offence under Section 1 of the Computer Misuse Act 1990, plus probably also under RIPA and the HRA.

Nick.

Annatar
Posts: 107
Joined: Fri Jun 25, 2004 5:12 am

Post by Annatar » Tue Feb 21, 2006 10:09 am

chervarium wrote: You CANNOT do that in a properly switched network environment (with separated VLANs, per-port authentication to activate the port, IPs-to-MAC-to-port maps, etc.). My switches will simply turn the offending port off upon sensing any illegal activities (expecting me to manually restart the port and LART the offender).
That doesn't surprise me. Gorthaur is a master smith.

Thaidog
Posts: 182
Joined: Mon Dec 13, 2004 11:19 pm

Post by Thaidog » Tue Apr 04, 2006 12:09 pm

chervarium wrote: You CANNOT do that in a properly switched network environment (with separated VLANs, per-port authentication to activate the port, IPs-to-MAC-to-port maps, etc.). My switches will simply turn the offending port off upon sensing any illegal activities (expecting me to manually restart the port and LART the offender).


I would imagine it's at least possible with the correct routing involved.

