Friday, May 12, 2006

Layer 1 – “Security” Conference, April 15, 2006

The “hacker” community holds periodic conferences or “cons” to share tricks and techniques, impart practical and theoretical knowledge, socialize, drink, and have a good time. The big, well-known cons include Defcon (Las Vegas), HOPE (New York City) and the European Chaos Computer Club (Berlin). Local and regional events are held on a smaller scale.

Layer 1 is one such local con, held in the Los Angeles area every year since its first session 3 years ago. The 2006 con was held the weekend of April 15 (Easter). I was able to attend Saturday. My notes from the Saturday sessions include the following:

Ken Caruso – Seattle Wireless 6 years later
This community network uses the RFC 3626 Optimized Link State Routing (OLSR) protocol. It is a mesh routing protocol that does not assume central control over routers. The protocol proactively builds network routes. A nice utility is available that creates SVG images of the network topology.

Seattle is up to 35 nodes. Not all of these nodes are interconnected. There are some “islands” of networks.

Some thoughts on the future of Seattle Community Wireless include:

  • OPN, “Other People’s Networks”, including open access points within the free network.

  • 802.11 power saving mode could be used to store messages, to be retrieved when the devices are polled later.

  • Use of 900 MHz cards, for better RF penetration.

  • Use of a Nocat captive portal to advertise the community network (and to display some basic acceptable use policies, legal disclaimers, etc).

  • Use a new captive portal, wifidog, to aggregate community information.

Ken’s Web site is . It has many links associated with his talk under the entry “LayerOne Talk Wrap Up”.

Enno Rey – MPLS Security
MPLS is Multiprotocol Label Switching, specified in RFC 3031. MPLS is typically used in carrier networks. Layer 3 MPLS VPNs are used in enterprise networks, for traffic separation and segmentation (see RFC 2547 and RFC 2917).

Enno went through a number of attack scenarios against MPLS networks. These include replaying traffic and forging labels. The most credible scenarios required access to the MPLS core, specifically involving modifying labels to send traffic to the wrong VPN. Longer term, provision of Ethernet through MPLS will open up some interesting scenarios.

Luiz Eduardo Dos Santos – RFID Active Tags
Tags are distinguished as either UHF tags (passive, cheap legacy tags) or WiFi tags (longer range, more expensive, using existing WiFi infrastructure). The basic technology behind these tags was discussed, and some potential attacks were described.

Billy Hoffman – Covert Crawling
How do you crawl a Website without the owner knowing it was a bot? How do you get an automated program to look like normal human-based Web crawling? This is not as easy as it looks. Not only do you have to mimic human timing and attention to links, you also have to replicate rendering Web site objects and reference dynamic link information. One interesting suggestion is to hide your crawling inside the “slashdot effect”.
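From the site owner's side, the two tells mentioned above (timing and whether embedded objects are fetched) can be checked in access logs. The sketch below is an added example, not code from the talk; the log format, the thresholds and the function name `score_clients` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "client epoch_seconds path". Not real traffic.
SAMPLE_LOG = """\
198.51.100.7 1000 /index.html
198.51.100.7 1001 /style.css
198.51.100.7 1001 /logo.png
198.51.100.7 1042 /news.html
198.51.100.7 1043 /news.js
198.51.100.7 1190 /about.html
198.51.100.7 1191 /team.jpg
203.0.113.9 1000 /index.html
203.0.113.9 1005 /news.html
203.0.113.9 1010 /about.html
203.0.113.9 1015 /contact.html
"""

# Objects a rendering browser would request alongside a page.
ASSET_RE = re.compile(r"\.(css|js|png|jpg|gif|ico)$")

def score_clients(log_text, min_pages=3, max_cv=0.2):
    """Return {client: set of reasons} for clients whose traffic looks automated.

    min_pages and max_cv are illustrative thresholds, not tuned values.
    """
    pages = defaultdict(list)   # timestamps of page requests per client
    assets = defaultdict(int)   # count of embedded-object requests per client
    for line in log_text.splitlines():
        client, ts, path = line.split()
        if ASSET_RE.search(path):
            assets[client] += 1
        else:
            pages[client].append(int(ts))
    flagged = {}
    for client, stamps in pages.items():
        if len(stamps) < min_pages:
            continue  # too few page views to judge
        reasons = set()
        if assets[client] == 0:
            reasons.add("no-embedded-objects")  # pages fetched, nothing rendered
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Coefficient of variation: human reading time varies, fixed delays do not.
        cv = pstdev(gaps) / mean(gaps) if mean(gaps) else 0.0
        if cv < max_cv:
            reasons.add("regular-timing")
        if reasons:
            flagged[client] = reasons
    return flagged
```

These are baseline signals only: a crawler that fetches page objects and varies its delays, or that runs during a traffic surge, will not stand out on them.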

Paul Henry – Anti Forensics
Police are losing the forensics war against digital criminals. There are many tricks that can hide data inside ordinary storage without the most common forensic tools being able to discover it. Data wiping routines are getting really good; they now clean out places where vestiges of the wiped data could be inferred (such as the MFT). Specific mention was made of Evidence Eliminator, CyberScrub (for cleaning up email) and Metasploit’s anti-forensics project.