Capturing without being root

It is sometimes necessary to capture network traffic. Most people use a tool like Wireshark or tcpdump to do that. Since these tools need to put the network interface into promiscuous mode, most people run them as root. Wireshark has had a lot of vulnerabilities in its code, which is hard to avoid given the enormous number of protocols it dissects, many of them supported through reverse engineering. The Wireshark developers have taken steps in the past to limit the impact of such vulnerabilities by moving the actual capturing into a separate tool, dumpcap, which has a much smaller and simpler codebase.

Still, most people run Wireshark as root, ‘because then it works’. Right: Gerald Combs has written an article on how to configure your system with capabilities so you no longer have to run Wireshark as root. It works by granting the users you want to be able to capture exactly that: the capability to capture. That simple.
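As an added example (not code from the page or from Gerald Combs’ article), the script below shows the capability-based setup in practice: dumpcap gets CAP_NET_RAW (open packet sockets) and CAP_NET_ADMIN (switch the interface to promiscuous mode) as file capabilities, execution is restricted to a dedicated group, and a small check verifies the result. The dumpcap path and the group name are assumptions for a Debian-style system.

```shell
#!/bin/sh
# Added example: capture with dumpcap without running Wireshark as root.
DUMPCAP=/usr/bin/dumpcap   # assumed path of the Wireshark capture helper
CAPGROUP=wireshark         # assumed name of the group allowed to capture

# One-time configuration, to be run as root: $1 is the user who may capture.
setup_dumpcap_caps() {
  groupadd -f "$CAPGROUP"
  chgrp "$CAPGROUP" "$DUMPCAP"
  chmod 750 "$DUMPCAP"          # only group members may even execute dumpcap
  # e = effective, i = inheritable, p = permitted; nothing else is granted,
  # so a compromised dumpcap still cannot do what a root process could.
  setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
  usermod -aG "$CAPGROUP" "$1"  # the user must log in again to pick this up
}

# Check one line of getcap output: both capabilities present, with e and p set.
# Accepts both the older "path = caps+eip" and the newer "path caps=eip" format.
caps_line_ok() {
  line=$1
  case "$line" in *cap_net_raw*)   ;; *) return 1 ;; esac
  case "$line" in *cap_net_admin*) ;; *) return 1 ;; esac
  flags=${line##*[=+]}            # flag letters after the last '=' or '+'
  case "$flags" in *e*p*) return 0 ;; *) return 1 ;; esac
}

# Verify the live system: file capabilities and group membership of this user.
verify_dumpcap() {
  caps_line_ok "$(getcap "$DUMPCAP" 2>/dev/null)" || {
    echo "dumpcap lacks cap_net_raw/cap_net_admin file capabilities" >&2; return 1; }
  case " $(id -nG) " in *" $CAPGROUP "*) ;; *)
    echo "current user is not in group $CAPGROUP" >&2; return 1 ;; esac
  echo "ok: capturing works without root"
}

case "${1-}" in
  setup)  setup_dumpcap_caps "$2" ;;   # sudo ./script.sh setup alice
  verify) verify_dumpcap ;;            # ./script.sh verify
esac
```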


SCADA Honeypot

I really like the idea of a SCADA honeypot. John Strand live-demos a SCADA honeypot. It uses several simulated services which can later be used to demonstrate life inside a SCADA universe (and to lure an attacker into it).

You can download the SCADA Honeypot from here.

From the scadahoneynet site:

[The] goal of this project is to provide tools and to simulate a variety of industrial networks and devices. We see several uses for this project:

  • Build a HoneyNet for attackers, to gather data on attacker trends and tools
  • Provide scriptable industrial protocol simulators to test a real live protocol implementation
  • Research countermeasures, such as device hardening, stack obfuscation, reducing application information, and the effectiveness of network access controls.

Summer Cleaning

Today I finally got around to cleaning my desk at home. It had become cluttered with all sorts of stuff. You probably know the kind of thing: old bills, new bills, a used password list (only one of them has been sort of correct), leaflets received during a trade show, etc. I wondered how much information about me, good and bad, could be derived from the assorted clutter.

It’s quite scary and a reminder to myself that I should be more careful about what I leave on my desk. I know all the risks of dumpster divers and people coming in and slicing and dicing your personal life (been there, done that), but it takes some mental effort to be aware of your own clutter.

So, back to cleaning the desk and keeping it clean.

Holiday tips

When everyone is going on holiday, I’ve seen a number of sites with some helpful holiday tips:

  • Symantec: Safe Summer Travels on the Information Superhighway. Generic tips that are valid at any time, not only during the summer holidays. It would be more specific if it at least mentioned the hazards of your laptop/PDA/phone falling into the pool/lake/sea.
  • Washington Post: Travelers’ laptops may be detained. The Post runs an article on all the privileges given to US Customs and Border Protection. They are outrageous, but, in all reality, any border patrol or customs service has the same capabilities. What would be interesting to know is how often personal electronic belongings are actually kept at the border. If they kept every laptop coming across the border, there wouldn’t be enough time in a day to analyze them all from a single flight. If you’re concerned about this, either don’t go across the border, or bring a clean laptop and transfer the data via the internet and VPN at a later date.
  •  has an article about how you can lower the chance of being involuntarily separated from your gear.