iPhone Honeypot Project

June 19, 2010

Basic Bridge Plan

Previously, I had decided to create a bridge to aid in traffic logging. I did up a quick plan for this (attached below) and aim to use FreeBSD 8.0 as the OS. The concept is simple: the bridge is to act completely transparently, so the attacker has absolutely no knowledge or suspicion that they are being passed through a bridge, thus allowing for complete network logging (with the exception of SSH, of course). The SSH issue will be another milestone to overcome. I have the use of a static IP address at home so I may as well put it to use.

The idea behind this is as follows: a single static address on the router, which is configured to pass connections through to the bridge. The interface connecting to the router will have no IP assigned to it and will be configured to pass all connections through to a second interface with the help of ipf (aka ipfilter – which will be compiled into the kernel). The second interface will connect to a wireless access point (AP) which will allow the iPhone to connect to the network. This is where I enter unfamiliar territory. Because the AP is connected to the bridge via a wired connection (crossover cable), the AP will appear to have the external address. This is not exactly what we want, as the iPhone will have to utilise some network address translation (NAT) to obtain any external access, which will be problematic.

To overcome this I propose amalgamating the wireless AP and the bridge into a single system. Thus, the second interface will in fact become an ad-hoc interface utilising a prism2 chipset and the 2.4GHz spectrum. This can be achieved by replacing the second interface with a wireless card, compiling wireless support into the kernel and setting up the interface using wiconfig. By associating the iPhone with the bridge in ad-hoc mode and configuring ipf to pass all connections through to the wireless interface, I believe our objective can be met.

It’s now just a matter of convincing the family they’ll survive without the internet for a few days while I take apart the network. I’ll work on getting the bridge set up. I may have to visit my computer graveyard in the attic and throw together anything I can find.
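As a check on the plan above (an added example, not code from the original post): the script below parses `ifconfig` output and reports anything that would stop the bridge being transparent, namely an address on the bridge or on either member, a member that is down, or a missing member. The interface names `em0`, `wlan0` and `bridge0` and the sample output are constructed assumptions.

```python
import re

# Constructed, abbreviated FreeBSD-style `ifconfig` output. Interface names
# (em0 = router side, wlan0 = wireless side, bridge0) are assumptions.
SAMPLE = """\
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tmember: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\tmember: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
"""
HEADER = re.compile(r"^(\S+): flags=\w+<([^>]*)>")

def parse_ifconfig(text):
    """Return {name: {"flags": set, "addrs": list, "members": list}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m, words = HEADER.match(line), line.split()
        if m:
            cur = {"flags": set(m.group(2).split(",")), "addrs": [], "members": []}
            ifaces[m.group(1)] = cur
        elif cur and len(words) >= 2 and words[0] in ("inet", "inet6"):
            cur["addrs"].append(words[1])
        elif cur and len(words) >= 2 and words[0] == "member:":
            cur["members"].append(words[1])
    return ifaces

def audit_bridge(text, bridge="bridge0"):
    """List reasons the bridge would not be transparent; empty means OK."""
    ifaces = parse_ifconfig(text)
    if bridge not in ifaces:
        return [f"{bridge}: not present"]
    members = ifaces[bridge]["members"]
    findings = []
    if len(members) < 2:
        findings.append(f"{bridge}: needs two members, has {len(members)}")
    for name in [bridge] + members:
        info = ifaces.get(name)
        if info is None:
            findings.append(f"{name}: member missing from output")
            continue
        if "UP" not in info["flags"]:
            findings.append(f"{name}: interface is not UP")
        findings += [f"{name}: has address {a}, so it is addressable" for a in info["addrs"]]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_bridge(SAMPLE)) or "bridge looks transparent")
```

On the constructed sample it reports the address left on `wlan0`; with that address removed the list is empty.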

1 Comment »

  1. I have found that OpenWRT (http://openwrt.org/) can combine most of the systems I need into a single solution (Ref: https://forum.openwrt.org/viewtopic.php?id=25339). I may test this by putting it onto my Linksys WAP56G (Ref: http://oldwiki.openwrt.org/Hardware(2f)Linksys.html), DSL –> Router –> iPhone. By bridging the DSL and WIFI interfaces, I can achieve exactly what I need and then just snap the packets to another physical port for data collection (or even collect via tcpdump). Tests will be conducted.

    Comment by anev — June 21, 2010 @ 11:02 am

