Hello BT community. I’ve had some conversations a while back with some members about honeynets and Single Packet Auth mechanisms and I thought I’d share a console-based Single Packet application I have written. It works well on BT4 after installing a few libs. This application consists of a single packet authorization mechanism designed for the purpose of hiding semi-public services like an SSH server. There is a server side (Linux only) and a client side (both Windows and Linux).
It involves a client that creates a packet with a payload encrypted with the public half of two different RSA keys. The idea is that one key would be shared by all users and it would encrypt the user name of the individual. A second key specific to each individual user would encrypt a pre-shared key (just any old string, nothing secret about it really) and a timestamp (to counter replay attacks). The server would receive this packet and decrypt this first half of the packet…which would give us the user name of the person sending the packet. The server would then know which user-specific second key to use to decrypt the pre-shared key and timestamp to evaluate them for acceptability. If all is good, then the server would open up a port for the semi-public service we were trying to conceal for a brief amount of time to allow for a connection to be made.
Yeah, it’s a little bit like using a cannon to kill a mosquito, but it puts some interesting theory to practical use. For anyone interested, I put up some documentation and all the source code at http://sourceforge.net/projects/simplespa/
There is some room for improvement on this for sure. I welcome any decent criticisms and opinions on this and SPA in general.
Last edited by Archangel-Amael; 01-17-2011 at 09:54 AM. Reason: Fixed URL
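
The two-key packet flow described in the post above, as an added example that is not part of the original post or the simplespa source. Toy textbook RSA over fixed Mersenne primes stands in for real RSA keys so it runs offline; the user `alice`, the pre-shared string, the 30-second window, the `psk|timestamp` layout and the replay set are all assumptions.

```python
E = 65537
WINDOW = 30  # seconds of clock skew the server tolerates (assumed value)

def make_key(p, q):
    """Toy textbook-RSA key from two known primes: returns (n, d). Not secure."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def enc(msg: bytes, n: int) -> bytes:
    """Encrypt with the public half (n, E); output is padded to the modulus width."""
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, E, n).to_bytes((n.bit_length() + 7) // 8, "big")

def dec(blob: bytes, key) -> bytes:
    """Decrypt with the private half (n, d)."""
    n, d = key
    m = pow(int.from_bytes(blob, "big"), d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed keys: one shared by all users, one per user (hypothetical user "alice").
SHARED = make_key(2**89 - 1, 2**61 - 1)
USERS = {"alice": {"key": make_key(2**127 - 1, 2**107 - 1), "psk": b"knock"}}
SHARED_LEN = (SHARED[0].bit_length() + 7) // 8

def client_packet(user: str, psk: bytes, now: int) -> bytes:
    """Client: user name under the shared key, psk|timestamp under the user's key."""
    first = enc(user.encode(), SHARED[0])
    return first + enc(psk + b"|%d" % now, USERS[user]["key"][0])

def server_check(packet: bytes, now: int, seen: set):
    """Server: return the user name if the port should open, else None."""
    user = dec(packet[:SHARED_LEN], SHARED).decode(errors="replace")
    entry = USERS.get(user)
    if entry is None:
        return None  # unknown user: no second key to select
    psk, _, ts = dec(packet[SHARED_LEN:], entry["key"]).rpartition(b"|")
    if psk != entry["psk"] or not ts.isdigit():
        return None
    if abs(now - int(ts)) > WINDOW or packet in seen:
        return None  # stale timestamp, or an exact replay inside the window
    seen.add(packet)
    return user
```

The `seen` set covers the case a timestamp alone does not: a captured packet resent while it is still inside the acceptance window.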