iPhone Honeypot Project

June 19, 2010

Basic Bridge Plan

Previously, I had decided to create a bridge to aid in traffic logging. I did up a quick plan for this (attached below) and aim to use FreeBSD 8.0 as the OS. The concept is simple: the bridge is to act completely transparently so the attacker has absolutely no knowledge or suspicion that they are being passed through a bridge, thus allowing for complete network logging (with the exception of SSH, of course). The SSH issue will be another milestone to overcome. I have the use of a static IP address at home so I may as well put it to use.

The idea behind this is thus: a single static address on the router, which is configured to pass connections through to the bridge. The interface connecting to the router will have no IP assigned to it and will be configured to pass all connections through to a second interface with the help of ipf (aka ipfilter, which will be compiled into the kernel). The second interface will connect to a wireless access point (AP) which will allow the iPhone to connect to the network. This is where I enter unfamiliar territory. Because the AP is connected to the bridge via a wired connection (crossover cable), the AP will appear to have the external address. This is not exactly what we want, as the iPhone will have to utilise some network address translation (NAT) to obtain any external access, which will be problematic.

To overcome this I propose amalgamating the wireless AP and the bridge into a single system. Thus, the second interface will in fact become an ad-hoc interface utilising a prism2 chipset and the 2.4GHz spectrum. This can be achieved by replacing the second interface with a wireless card, compiling wireless support into the kernel and setting up the interface using wiconfig. By associating the iPhone with the bridge in ad-hoc mode and configuring ipf to pass all connections through to the wireless interface, I believe our objective can be met.

It’s now just a matter of convincing the family they’ll survive without the internet for a few days while I take apart the network. I’ll work on getting the bridge set up. I may have to visit my computer graveyard in the attic and throw together anything I can find.
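
The two-wired-interface version of the bridge from the plan above, sketched as an added example (not the author's own configuration): a small script that prints the `rc.conf` and `ipf.rules` fragments for an address-less bridge that passes and logs all traffic. The interface names `fxp0`/`fxp1` and the function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not the author's configuration. Prints rc.conf and ipf.rules
# fragments for a two-port transparent logging bridge on FreeBSD.
# Assumptions: kernel built with "options IPFILTER" and "options IPFILTER_LOG",
# and net.link.bridge.pfil_member=1 so ipf sees packets on member interfaces.

# Accept only driver-name-plus-unit interface names such as fxp0 or em1.
valid_if() {
    case "$1" in
        ""|*[!a-z0-9]*|[0-9]*|*[!0-9]) return 1 ;;
        *) return 0 ;;
    esac
}

# $1 = NIC facing the router, $2 = NIC facing the honeypot side.
# No address is assigned to the members or to bridge0, so nothing on the
# bridge answers at layer 3.
bridge_rc_conf() {
    valid_if "$1" && valid_if "$2" && [ "$1" != "$2" ] || return 1
    cat <<EOF
cloned_interfaces="bridge0"
ifconfig_bridge0="addm $1 addm $2 up"
ifconfig_$1="up"
ifconfig_$2="up"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
EOF
}

# Pass everything; log each packet once, on the router-facing NIC only.
# ipmon (started with -Ds above) forwards the log records to syslog.
bridge_ipf_rules() {
    valid_if "$1" && valid_if "$2" && [ "$1" != "$2" ] || return 1
    cat <<EOF
pass in  log quick on $1 all
pass out log quick on $1 all
pass in  quick on $2 all
pass out quick on $2 all
EOF
}

# Constructed sample: fxp0 faces the router, fxp1 faces the honeypot.
bridge_rc_conf fxp0 fxp1
bridge_ipf_rules fxp0 fxp1
```

The first fragment belongs in `/etc/rc.conf` and the second in `/etc/ipf.rules`; the script only prints them and changes nothing on the system.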
