Would this work? I'm guessing it will, but how would I have to set up the routing part? Could someone help me with those iptables?
an internet box, but instead of connecting it to the router, I want to put my backtrack system in between the router and the internet box, to sniff.
Thank you,
d.
I think what you are looking for is "echo 1 > /proc/sys/net/ipv4/ip_forward"
This will allow your Linux box to process and forward packets...
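Added example, not part of the original thread or any poster's code: a defender-side audit of where IPv4 forwarding is switched on. The echo into /proc changes only the running kernel and is lost at reboot, so the script also checks the sysctl files that would re-apply it at boot. The function names and the optional root-directory argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report every place where IPv4 forwarding is enabled.
# Optional argument: an alternate root directory (hypothetical helper
# parameter, used so the check can run against a constructed tree).

forwarding_findings() {
    root="${1:-}"
    proc="$root/proc/sys/net/ipv4"

    # Runtime global switch: what "echo 1 > .../ip_forward" sets.
    if [ -r "$proc/ip_forward" ] && [ "$(cat "$proc/ip_forward")" = "1" ]; then
        echo "runtime: net.ipv4.ip_forward=1"
    fi

    # Runtime per-interface switches.
    for f in "$proc"/conf/*/forwarding; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            iface=$(basename "$(dirname "$f")")
            echo "runtime: net.ipv4.conf.$iface.forwarding=1"
        fi
    done

    # Persistent settings that sysctl applies at boot (comment lines ignored).
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$f"; then
            echo "persistent: ${f#"$root"} sets net.ipv4.ip_forward=1"
        fi
    done
}

# Number of findings; 0 means nothing is configured to forward IPv4.
forwarding_count() {
    forwarding_findings "${1:-}" | wc -l | tr -d ' '
}
```

Calling forwarding_findings with no argument audits the live host; a host that is not meant to route should produce no output.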
as skidmarq regarding ip_forward
Then use ettercap for your MIM.
You should consider the type of connection between the router and the internet.
Internet(ISP) -> Router -> LinuxBox(mitm) -> Router -> Client
In this type of setup there's not much to it 'cause you're operating on a LAN connection.
Internet(ISP) -> LinuxBox(mitm) -> Router -> Client
However in this setup the WAN connection between the ISP and the Router takes the task to another level.
I'm presently working on a mod of your variation #2:
Code:
Internets -> Smoothwall
Smoothwall --> DMZ -> MITM Linux Box --> Router --> Broadcasting (single) Open AP
| | --> Web Server
| --> Green LAN
| --> Apple Time Capsule --> Green LAN computers
The aim of this network setup is to educate thieves by taking any packets that aren't destined for the Web Server (so anyone using the Open AP), and redirect them inside the MITM Linux box to a static HTML file, stating something like this:
"WARNING - In using Open Access points, your data (passwords, emails, chat conversations, etc) is UNENCRYPTED. Bad people do bad things with this information. You will not be able to access the internet through this router; This is a user education platform. Further, you have been redirected to this page because you were trying to steal internet from somebody who doesn't appreciate it. Stealing is a crime. Your MAC address has been recorded. Next time, be more cautious, and use YOUR OWN internet connection, thief."
Of course, I could just run the router on the MITM box, without connection to the DMZ, but what if I need to remotely manage the box? It's going to be headless, so it'd be *just a little* difficult to manage locally.
Now, for the legal aspect of this setup:
If I were to allow users to connect to the internet and cache data on them (I.E. websites they visit, google searches, emails), as far as I know, I am legally required (in some places; my lawyer's response is pending for Canadian Law) to publish a warning to the user, informing them that their activities are being monitored and stored, and provide my contact information.
A setup like this in a briefcase (or something like that) is very black hat (and quite likely very illegal), where you operate a "porta-net" from the case; bridging the adapter to an external ISP, and not saying a peep about it. This activity is NOT supported here.
Always remember to follow your local laws (and foreign, if you're operating out-of-country). If you are unsure about them, don't do it until you are absolutely certain, and have gotten legal advice from a legitimate source on the legality of this activity.
As previously stated, this is a work in progress, and won't go live until I've received legal advice from my lawyer.
Last edited by xX_Spiidey_Xx; 03-23-2010 at 11:32 PM.
thou shalt treat all computers as thou wouldst treat thyself, for thou art the creator of thine own problems.
As for the legal perspective from a Canadian Lawyer, this is a grey area. Chances are that it wouldn't hold up in a court here, even if you had a disclaimer, and collected data from users connected to your AP.
Where this would be a valuable resource, however, is if you have a legitimately, intentionally "Free WiFi" AP, and need to have some evidence on hand should somebody connect to your AP and (let's say) download something like kiddy porn. Law enforcement, in cooperation with your ISP would see what was being downloaded on your IP. Where this becomes the clutch possession in the network scheme is the evidence that it was NOT indeed you, who downloaded said illegal (and downright immoral) material. Unfortunately, this PC would then become the property of law enforcement for evidence, and you still will probably find yourself in court explaining why.
Best course of action is to just avoid this completely. If you're still going to set up a fake AP, and want to be intelligent about it, do as I said previously and set it up standalone-style, with an internal redirect to a "user education" portal, which does not collect, process or store personal data.
Also of important note, is that I have cancelled all plans for building this. Besides that, I have much better things to do with spare computers and time 'round here.
Last edited by xX_Spiidey_Xx; 03-25-2010 at 06:41 AM.
Common Knowledge: Username, "root". Password, "toor". "startx" gives you a GUI, and "fix-vesa" will fix BT if you have no GUI. Start networking with "/etc/init.d/networking start" and check your IP settings with "ifconfig -a". "dhclient" will automatically use DHCP for your IP. Google is your friend.
Spidey, thanks for your input.
I would only use this for testing purposes, out of curiosity, nothing illegal about that.
I'm going to try and set it up tomorrow.
PS: I don't know how much a visit to your lawyer costs, but here in Belgium, it's about 375 dollars for every visit, so I would only go there if my life depends on it.
.L
Last edited by Lucifer; 03-25-2010 at 02:56 PM.