zlacker

[return to "IoT hacking and rickrolling my high school district"]
1. bfirsh+zg 2021-10-12 21:10:41
>>revico+(OP)
Reminds me of my school leaving prank. I rewrote the whole internet on my school's computers. Google's logo became "Leavers '08", Facebook became "Hatebook" and was red, YouTube only played videos of cats, amongst other things.

These were the days when nothing had SSL, so you could just intercept and rewrite traffic!

My only requirement was: do no actual damage.

It was implemented as a Debian live CD that you could drop into any school computer. It would boot up, then Ettercap would MITM the whole network by spoofing the router. It routed all HTTP traffic via Squid and a custom ICAP server that did the actual rewriting. If you removed the live CDs, the network just went back to normal within a couple of minutes.

Routing the whole school's network through one old Pentium machine wouldn't work though, so I figured out a way of doing distributed load balancing: it would do the ARP spoofing slowly and randomly. So, as you added more machines, it would just magically balance between them.

It worked great for about an hour, then the whole network mysteriously stopped working for the rest of the day. I left all the live CDs in the computers as a calling card.

Sorry, school network admins.
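
Added example, not part of the thread or any poster's code: a defender-side check for the pattern described above, where several machines answer ARP for the router's IP. The addresses, the sample observations and the function names are constructed for illustration; the short-window call shows why slow, randomized spoofing calls for a pinned gateway MAC rather than only a rate-based rule.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies.
# 10.0.0.1 stands in for the router; every address here is made up.
SAMPLE = [
    (0,   "10.0.0.1",  "00:11:22:33:44:55"),  # real router
    (5,   "10.0.0.23", "aa:aa:aa:00:00:23"),
    (40,  "10.0.0.1",  "de:ad:be:ef:00:01"),  # first machine claiming the router IP
    (95,  "10.0.0.1",  "00:11:22:33:44:55"),
    (130, "10.0.0.1",  "de:ad:be:ef:00:02"),  # second machine claiming the router IP
    (700, "10.0.0.23", "aa:aa:aa:00:00:99"),  # NIC swapped much later: not a conflict
]

def find_conflicts(observations, window=300):
    """Return {ip: sorted MACs} for IPs claimed by more than one MAC within `window` seconds."""
    recent = defaultdict(dict)   # ip -> {mac: time last seen}
    conflicts = defaultdict(set)
    for ts, ip, mac in sorted(observations):
        seen = recent[ip]
        seen[mac] = ts
        # Forget claims older than the window so slow, legitimate changes pass.
        for old in [m for m, t in seen.items() if ts - t > window]:
            del seen[old]
        if len(seen) > 1:
            conflicts[ip].update(seen)
    return {ip: sorted(macs) for ip, macs in conflicts.items()}

def unexpected_gateway_macs(observations, gateway_ip, pinned_mac):
    """MACs answering for the gateway IP other than the pinned one (independent of rate)."""
    return sorted({mac for _, ip, mac in observations
                   if ip == gateway_ip and mac != pinned_mac})

if __name__ == "__main__":
    print("5 min window :", find_conflicts(SAMPLE))
    # Replies spaced further apart than the window slip past the rate-based rule...
    print("30 s window  :", find_conflicts(SAMPLE, window=30))
    # ...but not past a comparison against the known router MAC.
    print("pinned check :", unexpected_gateway_macs(SAMPLE, "10.0.0.1", "00:11:22:33:44:55"))
```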

◧◩
2. kortil+5D 2021-10-12 23:48:14
>>bfirsh+zg
Unless you had a special case for the hijacking machines to ignore the spoofed ARPs, the whole thing probably fell apart when they ended up with a loop between each other rather than a path to the real gateway.
◧◩◪
3. bfirsh+OD 2021-10-12 23:53:25
>>kortil+5D
Oh, yeah. That's a very good point. That's probably why it stopped working. I always thought the network admins pulled the plug assuming they'd been hacked.
◧◩◪◨
4. WrtCdE+AE 2021-10-13 00:00:00
>>bfirsh+OD
That's a common issue with distributed systems.

Something has to be "the leader" and you need a system for choosing a new one once the old one is offline for a certain amount of time.

Add in a sprinkling of how to figure out if you have more than one leader active at a time.

◧◩◪◨⬒
5. bfirsh+GH 2021-10-13 00:29:48
>>WrtCdE+AE
Would it have needed leader election though? It's a stateless system. It might have been enough to ignore spoofed ARP replies, or to not attack machines of its own kind.
◧◩◪◨⬒⬓
6. cinque+hg4 2021-10-14 04:20:53
>>bfirsh+GH
Yeah, even in state systems, I think some sort of gossip protocol could work as long as the part of the state being decided on is not in contention with another node's response during a round of sampling.