Securing Network Traffic

Who

+- Militant Internet Engineer, hacker, adventurist
+- Member of Aberdeen's hackerspace, 57northhacklab [0]
+- Research on Internet Protocols and APIs
|  +- Transport Features of UDP (RFC8304)
|  +- Transport Options for UDP (ietf-draft)
|  +- Path Layer Path MTU Discovery (ietf-draft)
+- FreeBSD Hacker
|  +- Loads of kernel networking code
|  +- Drivers for WiFi and other fun hardware
+- Run the network for campgnd [1]

This talk has been written in markdown with vim and uses mdp for
presentation. ASCII art has been 'borrowed' whenever possible.

[0] 57north.org.uk
[1] campgnd.com

[tj] tj@enoti.me 1 / 28
What?

+- The make up of the network
+- How we move stuff around
+- Securing traffic
+- Inspecting Traffic
+- Causing trouble
Totally unbiased view of the Internet

    [ASCII art: a cloud with a face, labelled "The Internet"]

                          .--------------.
                         (  THE INTERNET  )
                          '--------------'

    +--------+
    | Laptop |------\
    +--------+       \   .--------------.
                      >--( THE INTERNET  )
    +--------+       /   '--------------'
    | Phone  |------/
    +--------+

    +--------+
    | Laptop |------\
    +--------+       \   .--------------.
                      >--( THE INTERNET  )
    +--------+       /   '-------+------'
    | Phone  |------/            |
    +--------+                   v
                          +------------+
                          | Web Server |
                          +------------+

    +--------+  WiFi
    | Laptop |------\
    +--------+       \   .--------------.
                      >--( THE INTERNET  )
    +--------+       /   '-------+------'
    | Phone  |------/            | Ethernet
    +--------+   4G              v
                          +------------+
                          | Web Server |
                          +------------+

    +--------+  WiFi   +------+                 +------+
    | Laptop |-------->|ROUTER|  THE INTERNET   |ROUTER|
    +--------+         +------+     . . .       +------+
                          ^                         |
    +--------+   4G       |                         | Ethernet
    | Phone  |------------+                         v
    +--------+                               +------------+
                                             | Web Server |
                                             +------------+

    +--------+  WiFi   +------+     +------+     +------+
    | Laptop |-------->|ROUTER|---->|ROUTER|---->|ROUTER|
    +--------+         +------+     +------+     +------+
                          ^            |            |
    +--------+   4G       |            v            v
    | Phone  |------------+         +------+     +------+
    +--------+                      |ROUTER|---->|ROUTER|
                                    +------+     +------+
                                                    | Ethernet
                                                    v
                                             +------------+
                                             | Web Server |
                                             +------------+
traceroute

$ traceroute enoti.me
traceroute to enoti.me (165.227.174.226), 64 hops max, 52 byte packets
 1  192.168.43.1 (192.168.43.1)  4.314 ms  2.592 ms  1.421 ms
 2  * * *
 3  172.23.64.209 (172.23.64.209)  46.068 ms  51.106 ms  54.242 ms
 4  172.23.98.4 (172.23.98.4)  56.458 ms  39.532 ms  41.227 ms
 5  172.23.111.1 (172.23.111.1)  38.973 ms  46.093 ms  42.720 ms
 6  * * *
 7  188.31.255.130.threembb.co.uk (188.31.255.130)  55.720 ms  40.025 ms  47.143 ms
 8  188.31.255.189.threembb.co.uk (188.31.255.189)  53.324 ms  51.023 ms  50.318 ms
 9  ae2.cr0-lon9.ip4.gtt.net (141.136.102.65)  48.488 ms  52.561 ms  38.907 ms
10  et-0-0-1-3.cr11-lon1.ip4.gtt.net (89.149.137.206)  55.498 ms
    et-0-0-10-1.cr11-lon1.ip4.gtt.net (89.149.137.190)  42.703 ms
    et-0-0-1-3.cr11-lon1.ip4.gtt.net (89.149.137.206)  52.967 ms
11  * * *
12  * * *
13  * * *
14  * * *
Networks are like ogres

    +----+
    |DATA|
    +----+

Networks are like ogres

    +-APP--+
    |+----+|
    ||DATA||
    |+----+|
    +------+

Networks are like ogres

    +-TRANSPORT-+
    | +-APP--+  |
    | |+----+|  |
    | ||DATA||  |
    | |+----+|  |
    | +------+  |
    +-----------+

Networks are like ogres

    +----NETWORK---+
    | +-TRANSPORT-+|
    | | +-APP--+  ||
    | | |+----+|  ||
    | | ||DATA||  ||
    | | |+----+|  ||
    | | +------+  ||
    | +-----------+|
    +--------------+

Networks are like ogres

    +------LINK------+
    |+----NETWORK---+|
    || +-TRANSPORT-+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+
Security

+- GSM (4G/3G)
+- WiFi
|  +- WEP
|  +- WPA
|  +- WPA Enterprise
+- Tunnels
|  +- VPN
|  +- IPSec
+- TLS
+- GPG
GSM and WiFi

    +------LINK--🔒--+
    |+----NETWORK---+|
    || +-TRANSPORT-+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    +------+  🔒   +------+       +------+       +------+   🔒  +------+
    | APP  |------>|ROUTER|------>|ROUTER|------>|ROUTER|------>| APP  |
    +------+       +------+       +------+       +------+       +------+

IPSec

    +------LINK------+
    |+----NETWORK-🔒-+|
    || +-TRANSPORT-+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    +------+       +------+       +------+       +------+       +------+
    | APP  |------>|ROUTER|------>|ROUTER|------>|ROUTER|------>| APP  |
    +------+       +------+       +------+       +------+       +------+
    -----🔒--------🔒--------->

VPN

    +------LINK------+
    |+----NETWORK---+|
    || +-TRANSPORT🔒+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    +------+       +------+       +------+       +------+       +------+
    | APP  |------>|ROUTER|------>|ROUTER|------>|ROUTER|------>| APP  |
    +------+       +------+       +------+       +------+       +------+
    -----🔒--------🔒--------->

TLS

    +------LINK------+
    |+----NETWORK---+|
    || +-TRANSPORT-+||
    || | +-APP🔒-+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    +------+       +------+       +------+       +------+       +------+
    | APP  |------>|ROUTER|------>|ROUTER|------>|ROUTER|------>| APP  |
    +------+       +------+       +------+       +------+       +------+
    --------🔒---------🔒---------🔒-------🔒-------🔒-------🔒-------->

GPG (Talking in codes)

    +------LINK------+
    |+----NETWORK---+|
    || +-TRANSPORT-+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||🔒🔒🔒🔒||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

$ gpg --decrypt file.txt
TLS/SSL - Transport Layer Security

Originally 'Secure Sockets Layer', TLS gives you a shim to stick between your
application and your network socket and provides all the encryption goodness™
for you.

    +-------------+                +--------+             +----------+
    | Application |                | SOCKET |------------>| INTERNET |
    +-------------+                +--------+             +----------+

    +-------------+  +-----+  +--------+             +----------+
    | Application |->| TLS |->| SOCKET |------------>| INTERNET |
    +-------------+  +-----+  +--------+             +----------+
End to End security

Advice

+- Demand End to End security
+- Use a plugin for SSL Everywhere to fix your browser
+- Only use TLS IRC
+- Configure your email to use TLS
+- Use a VPN to protect yourself from bad applications
|  +- The VPN endpoint can see everything you do
|  +- Pay money to expect better treatment
|  +- Host the endpoint yourself
+- Don't trust anyone when you want confidentiality
|  +- Manually encrypt with GPG
|  +- USE SIGNAL
+- Nothing in this talk deals with privacy
|  +- USE TOR
Inspecting Traffic

+- tcpdump [0]
|  +- On a sensible system it is already installed
|  +- Install the package on Debian
|  +- Ideal tool to create pcaps on small boxes
|  +- What's going on?
|  +- tcpdump -i wlan0 -XX
+- wireshark [1]
|  +- "Wireshark is the world's foremost and widely-used network protocol analyzer."
|  +- Everything tool for dealing with network traffic (and Bluetooth, USB...)
|  +- tshark on the command line
|  +- Easy to script with pyshark

[0] https://www.tcpdump.org/tcpdump_man.html
[1] https://www.wireshark.org/
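The nested layers of the ogre slides and the raw frame that tcpdump -XX prints are the same thing seen from two sides. As an added Python example, not part of the talk, this wraps DATA in UDP, IPv4 and Ethernet headers and then peels them off again, checking the IPv4 header checksum on the way in; the MAC addresses, ports and payload are constructed sample values.

```python
import socket
import struct

# Added example, not from the talk: wrap DATA in the APP/TRANSPORT/NETWORK/LINK
# layers of the ogre slides, then peel them off again the way you read a
# `tcpdump -XX` dump. UDP over IPv4 over Ethernet; the MACs, ports and payload
# used below are constructed sample values.

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791); evaluates to 0 over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, data):
    """Encapsulate innermost first: DATA -> UDP -> IPv4 -> Ethernet."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data  # UDP csum 0 = absent
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000,
                     64, 17, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in header checksum
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return eth + b"\x08\x00" + ip + udp  # 0x0800 = IPv4 ethertype

def parse_frame(raw: bytes) -> dict:
    """Decapsulate outermost first; each layer only knows about the one directly inside it."""
    ethertype = struct.unpack("!H", raw[12:14])[0]
    layers = {"link": {"dst": raw[:6].hex(":"), "src": raw[6:12].hex(":"), "ethertype": ethertype}}
    if ethertype != 0x0800:
        return layers  # not IPv4: the link layer is all we can decode
    ihl = (raw[14] & 0x0F) * 4  # header length in bytes; options make it larger than 20
    ip_hdr = raw[14:14 + ihl]
    _, _, _, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    layers["network"] = {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d), "ttl": ttl,
                         "proto": proto, "checksum_ok": ipv4_checksum(ip_hdr) == 0}
    if proto != 17:
        return layers  # only UDP is decoded in this example
    off = 14 + ihl
    sport, dport, ulen, _ = struct.unpack("!HHHH", raw[off:off + 8])
    layers["transport"] = {"sport": sport, "dport": dport, "length": ulen}
    layers["app"] = raw[off + 8:off + ulen]  # the DATA the whole stack exists to carry
    return layers

if __name__ == "__main__":
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                        "192.168.43.10", "165.227.174.226", 40000, 53, b"DATA")
    print(frame.hex(" "))  # roughly the hex column tcpdump -XX prints for this frame
    print(parse_frame(frame))
```

Every header on the way out is visible to every router on the way in, which is exactly why the slides that follow care about which layer the lock sits on.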
Causing Trouble

+- firesheep [0]
|  Firesheep was a Firefox extension that demonstrates HTTP session
|  hijacking attacks. It led to TLS on Facebook and Gmail.
+- aircrack [1]
|  Aircrack-ng is a complete suite of tools to assess WiFi network
|  security.
+- bettercap [2]
|  bettercap is a complete, modular, portable and easily extensible MITM
|  tool and framework with every kind of diagnostic and offensive feature
|  you could need in order to perform a man in the middle attack.

[0] https://codebutler.github.io/firesheep/
[1] http://www.aircrack-ng.org/doku.php
[2] https://github.com/evilsocket/bettercap
Questions

Thanks for Listening
Command

$ MDP_LIST_OPEN1=' ' MDP_LIST_OPEN2=' ' \
  MDP_LIST_OPEN3=' ' MDP_LIST_HEAD1=' - ' \
  MDP_LIST_HEAD2=' - ' MDP_LIST_HEAD3=' - ' \
  mdp -tif securenetworking.md