Security through LiveCD
Tonight I hopped on my computer only to find my internet connection crawling. I checked a few system processes on my XP box here, and didn’t find anything suspicious. Then I noticed the “Wireless” LED on my router having a small seizure. As I don’t have any Wireless devices, I was quite annoyed to find “Ivan307” leeching my connection.
At first I simply reconfigured my router to disconnect him, and removed my wireless antennae. Problem solved, right? Well, it seems odd that I should have to do something like that, and after a bit of thought I remembered all the fun I used to have with that little wonder of a tool named Ettercap. Quickly I had visions of figuring out the guy’s AIM screenname and flooding him, or getting his email account passwords. Nothing malicious, mind you, just enough to scare him into the knowledge of “Nothing is free, especially from me.”
Well, you dig around just a bit and you’ll quickly find that Ettercap on Windows is a formidable challenge, made more difficult with each Service Pack. There are other options, like Cain & Abel, but still they’re just not as robust as the Linux equivalents. I wasn’t about to try and install Linux on my machine just to teach this guy a lesson, but then I remembered another neat tool: LiveCD.
So I’m currently downloading Pentoo (Knoppix, but Gentoo based and smaller). I’ll let ya know how it goes, if I ever do anything. For all you LiveCD & SysAdmin folks out there, you might also wanna check out BartPE, which seems to be a nice LiveCD for Windows systems.
Update: It works great. Pentoo booted up to a nice FrameBuffered console window with Ettercap and a bunch of other stuff ready to go. It autodetected my mouse, my network, and lots of other stuff and was ready to go. Just a few seconds later I was sniffing my Vonage link with no problems. Unfortunately, since my WAP = my Router, it seems I’m not able to use ARP Poisoning to sniff that link. But I do have another Access Point, a Linksys WAP11 that I bought a few years ago, that I could hook up. That I know I could sniff, since it would still have to be routed separately via the Switch. Now it’s just a matter of how badly do I want to know what the guy was doing. Although, I might do it just to sniff out some of my PocketPC doings, like ActiveSync.

