Everything posted by Beave

  1. Hrmph. DDoS isn't "hacking" and it's lame. Botnets can be interesting, but not for what you want to do (malicious activity). You'd be better off spending your time on better ventures. IE - "real hacking". There's a ton of ways you can get involved which don't involve destruction and disturbance of services. Hardware hacking, System & network security, etc.
  2. A bit more details on the software (including screenshots) can be found at:
  3. That's the problem with conference. It seems to me that when people call in, if they don't immediately hear someone, they hang up! Your best bet is to hang around for 10 minutes and wait for someone to join. It reminds me of IRC.. someone comes into a #channel, asks a question. They wait 30 seconds, then leave the channel because "nobody" answered.
  4. Dealing with AT command sets is pretty straightforward (I wrote the needed to be updated iWar). As JFalcon pointed out, just because the cell can use AT command sets does not mean it can operate as a true "modem". When I say "modem", I'm referring to old school definition. Also, don't take what JFalcon is saying so dang hostile! He's simply questioning how the software works. Calm down. I've known JFalcon for many, many years now and he's probably one of the most knowledgeable people I know on the subject of Telecommunications. The guy _literally_ builds GSM networks/cell networks _for fun_. (OpenBTS/NanoBTS... look it up). So don't write him off simply because he has a couple of questions. It's all good! Aside from that, iWar does need to be updated sorely, but it'll deal just fine with AT command sets. It's also open source. Have a good one.
  5. Your best bet is to hit the snorby forums or irc channel ( Mephux - the author of snorby usually hangs out there with various other people that can probably help
  6. is still around and has been running free confs for years
  7. After a bit of a hiatus, The Telephreak BBS is back online. If you like old school style BBS'ing and shooting the shit about strange tech crap, then you might want to check it out. To reach the Telephreak BBS, simply ssh to "" as the user "bbs" (no password is required). ssh Let me know if you have any problems or questions.
  8. It's back online. If you SSH to (as user bbs), you should be able to get back on.
  9. Sorry for the delay. I suspect it'll be back up soon. R0d3nt is moving the server to a new location and I'll pop it up back there. Once I do, I'll make sure and post here when it's back up.
  10. I'm surprised this hasn't come up on binrev yet! [Link is SFW] This is the new Magicjack "femtocell" product due to release 2010 Q1, if it doesn't become vaporware. "MagicJack is demonstrating a device near the International Consumer Electronics Show this week that it claims will let consumers make VoIP calls using any GSM phone." Basically, it acts as a "cell tower" within your home operating on the GSM frequencies. It'll more than likely, based on other products, use a SIP back end similar to other Magicjack hardware/VoIP devices. They say it'll cost about $40.00 bucks (some please just say it'll be under $100.00 bucks). It will supposedly cover a 3000 sq ft. area. After attending 26C3 in Berlin and watching "GSM SRSLY?" talk, here: It brings up some interesting ideas, and is certainly a lot cheaper than getting a USRP2/Gnu Radio up and running. The big questions in my mind are, will the "radio" side of this device be accessible from software? Oh god, I hope so. Even if it is not, it could still make for some fun and interesting playing. The Magicjack SIP devices have already been hacked out, so that side I'm not terribly worried about. I have some ideas about "how" it'll work. I suspect it'll operate much like the CCC "GSM" network at 26C3. That is, you'll have to force your phone to associate with the "Magicjack's cell tower". What'cha think?
  11. Hello all, I've just released a new paper called, "Building wireless IDS systems using open source". The idea is to detect network level attacks using software like Snort, and layer 2 (wireless level) attacks using Kismet. Sagan brings it all together. Please check it out and let me know what you think. That article is at: Thanks!
  12. Thanks everyone for the responses. I'm not a pfSense user, so I doubt I'll be doing that write up any time soon
  13. Howdy all, I've been working on a project for a while called "Sagan". Basically, Sagan is a correlation engine that can take Intrusion Detection/Prevention and log (syslog/snmptrap) information and correlate it down into one console. I was asked to give a presentation at the Jacksonville, Florida Northeast Florida ISSA. The below is a link to the video of that presentation, as well as documentation (PDF of the presentation, etc). It basically goes over the ideas and methodologies we used to write Sagan, and future support we plan on adding in. The link is at: Please check it out if you're interested in this type of thing. Sagan is completely open source (GNU/GPL v2). Thanks!
  14. The video is also up on SecurityTube! Woo. Love those guys. The link is:
  15. Made it to the wonderful hotel penn! Anyways, if any one wants to hit me up, my GV number is (904) 270-9230.
  16. Howdy all, I'll be at HOPE this year giving the talk "PSTN Based Cartography" (war dialing). That'll be on Sat. (17th) @ 22:00 hours in the 'bell' room. I'll be talking about various tools and methods. Also, I'll be talking a little bit about iWar. No, it's not vaporware. It's fully multi-threaded, VoIP enabled (and hardware/network enabled!) with signal analysis engine. Unfortunately, it's probably not going to be released for another month or so. Depending on the amount of time I can work on it, of course. To get an idea of how it works, I've made a small demo video. This is running in multi-threaded mode, with CNAM lookups enabled. About 63 numbers dialed in the short demo/video. Hope to see you at HOPE!
  17. One more video. This time, I'm having iWar go for speed. The call duration is a max of 45 seconds with CNAM database support disabled. There is no delay between spawning threads. In the last video, I had a 1 second delay between threads with CNAM lookups enabled. This is about 120 numbers dialed. This is using 50 threads.
  18. See you there Mr. StankDawg. It's always great seeing you at cons.
  19. Sagan release version 0.1.0
      Written by Champ Clark (AKA 'Da Beave') and the Softwink, Inc team
      Date: 06/24/2010

      Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time!

      Sagan is a multi-threaded, real time system- and event-log monitoring system, but with a twist. Sagan uses a "Snort" like rule set for detecting "bad things" happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system. Sagan is meant to be used in a 'centralized' logging environment, but will work fine as part of a standalone Host IDS system for workstations.

      Sagan is fast: Sagan is written in C and is a multi-threaded application. Sagan is threaded to prevent blocking Input/Output (I/O). For example, data processing doesn't stop when an SQL query is needed. It is also meant to be as efficient as possible in terms of memory and CPU usage.

      Sagan uses a "Snort" like rule set: If you're a user of "Snort" and understand Snort rule sets, then you already understand Sagan rule sets. Essentially, Sagan is compatible with Snort rule management utilities, like "oinkmaster" for example.

      Sagan can log to Snort databases: Sagan will operate as a separate "sensor" ID to a Snort database. This means that your IDS/IPS events from Snort will remain separate from your Sagan (syslog/event log) events. Since Sagan can utilize Snort databases, using Snort front-ends like BASE and Snorby will not only work with your IDS/IPS event, but also with your syslog events as well!

      Sagan output formats: You don't have to be a Snort user to use Sagan. Sagan supports multiple output formats, such as a standard output file log format (similar to Snort), e-mailing of alerts (via libesmtp), Logzilla support and externally based programs that you can develop using the language you prefer (Perl/Python/C/etc).

      Sagan is actively developed: Softwink, Inc. actively develops and maintains the Sagan source code and rule sets. Softwink, Inc. uses Sagan to monitor security related log events on a 24/7 basis.

      Other Features:
      - Sagan is meant to be easy to install. The traditional, "./configure && make && make install" works for many installations, depending on the functionality needed and configuration.
      - Thresholding of alerts. Uses the same format as Snort in the Sagan rule set.
      - Attempts to pull TCP/IP addresses, port information, and protocol of rule set that was triggered. This leads to better correlation.
      - Can be used to monitor just about any type of device or system (Routers, firewalls, managed switches, IDS/IPS systems, Unix/Linux systems, Windows event logs, wireless access points, much more).
      - Works 'out of the box' with Snort front ends like BASE, Snorby, proprietary consoles, various Snort based reporting systems.
      - Sagan is 'open source' and released under the GNU/GPL version 2 license.

      For more information about Sagan, please see: Sagan web site:
  20. Podcast... Adrian talks about his motivations and why he did it. Some good questions get asked.
  21. Google is your friend. So are old text files. JFalcon and I have run into mucho DID's to X.28 PADs. It's just a matter of looking around. You might want to start looking for something well known like Datapac to get your feet wet on "how" to search around for that information. It's not really that hard.....
  22. If it's a MiTM attack, intercepting the VoIP traffic is pretty trivial. For example, Wireshark nowadays has an entire section for VoIP analysis. It also depends on if the VoIP-Fax gateway supports T.38 for fax, which might actually make it even easier. Sure, it _can_ be secured (SRTP, etc), but I've not seen providers who offer those features. Also, I'm not sure if things like SRTP apply if T.38 is used. SRTP is fine if you're doing faxes the "old" way (really doing modulation/demodulation), but probably doesn't apply to T.38. Then there's the matter that SRTP doesn't handle the signaling (I'm assuming SIP is used). So that might be open for interception. So, don't forget TLS for SIP! .. Anyways, just some random thoughts.
  23. People get points for using cross-platform assembler (err, C) in situations like these? Must be for effort rather than productivity, safety or maintenance. Considering it's the language I'm most comfortable in and it is primarily me who will be maintaining it, I don't mind so much ... And we all know, no "good" apps are ever, ever written in C any more... oh wait...
  24. I've found out dials on X.25 network, but to be honest, those don't interest me so much. With VoIP being so cheap, out dials just don't have the same appeal as they once did. However, I do love to run into the crazy, weird systems you'll see out there.
  25. Been to that site many times. Right now, Russia is the only place left, IMHO, that has a really active X.25 network. JFalcon and I were just talking about this the other night.