Im Rahmen der DefCon präsentierten Alex Pilosov und Tony Kapela einen interessanten Beitrag zum Thema Routing Security. Der Vortrag ist als PowerPoint File verfügbar.

Wired nennt das ganze das größte Sicherheitsloch des Internets, bei Heise läuft die Schlagzeile unter dem Titel Router lügen nicht. Read the rest of this entry »

Some users might realize that their Macs do prioritise the Wireless connection via Airport over the Ethernet connection.

This doesnt make sense at all, but if it happens to you too its solved quite easy

• Open System Preferences
• Navigate to Network
• Select the Drop Down element at the bottom of the left-sided network-devices list
• Select: Set Service Order
• Reorder the list & done

Some images:

As you can see, my Mac Pro has no wireless device, so i can only organize my 2 ethernet devices and firewire

Stumbled upon Bonjour Browser for Mac OS X.

Quote from the project page:

An application that lets you browse all the Bonjour services available on your local network. This application will show you all the known Bonjour services available and what computers have them, along with any extra information given with the service. Comes complete with a list of known services and also lets you add your own.

Works great for me (using 10.5 and FreeNAS here)

My collegue showed my MacOrchard.com as we were discussing about good ftp-clients.

MacOrchard seems to be a good platform if you are looking for a specific application category but don’t know a specific app itself or if you are looking for a quick overview / review / comparison

It features the following categories:

• Chat & Talk
• Classics
• Connectivity
• Email
• File Transfer
• Helper
• MUSH/MUD
• Network
• Older Protocols
• Other
• RSS
• Server
• Sharing
• Terminal
• Usenet
• Web Browsers

Christina Hornung has published a Mac OS X Leopard native Wireshark Installer Package on this website.

It is based on GTK, so you dont need X11.

He offers builds for PPC, Intel. Tiger releases are available too. So grab them….

Some basic informations about WireShark from wiki:

Wireshark is a packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. In June 2006 the project was renamed from Ethereal due to trademark issues.

The functionality Wireshark provides is very similar to tcpdump, but it has a GUI front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network card into promiscuous mode.

Wireshark uses the cross-platform GTK+ widget toolkit, and is cross-platform, running on various computer operating systems including Linux, Mac OS X, and Microsoft Windows. Released under the terms of the GNU General Public License, Wireshark is free software.

I was looking for something similar to iptraf for OSX

Finaly got it…its called iftop

AFP548 offers an installer here

Iftop is a cli-based application which needs admin-privs.

Based on a question in #Macintosh in irc.quakenet.org here the short solution for the MTU question in OSX Tiger.

In this small example we use my internal ethernet device:

1. From the Apple Dock, choose System Preferences.
2. Select the Network pane.
3. From the Show pop-up menu, choose Built-in Ethernet.
4. Click the Ethernet tab.
5. From the Configure pop-up menu, choose Manually (Advanced).
6. Select the radio button for Custom.
7. In the field to the right of Custom, enter your new setting. Some ISPs may have a specific suggested MTU value. If you’re changing it without a specific recommendation, make incremental changes such as 1500 to 1400 to 1300, and so forth.

Apple offers a much more detailed documentation on this, so continue reading there.

Today my collegue found an interesting software for OSX called: MarcoPolo

Basicly it looks like that:

Growl-Support:

Short quote about the application itself:

MarcoPolo brings context-aware computing to your portable Mac computer. It allows your computer to determine its context through gathering evidence from your environment (evidence sources), using flexible rule-based fuzzy matching to make an educated guess (rules), and then performing arbitrary actions upon changing context (actions).

MarcoPolo’s concept of contexts is a generalisation of a location, and encompasses more than just where your computer is. A context might represent what you are doing, or what else is going on around you.

MarcoPolo quietly stays in the status bar at the top of your screen (right-hand side of the menu bar), from where it can be configured to your own needs.

Gonna test it, but i think it could offer some nice help for your mobile mac….

If you are interested in WiFi sniffing you might know Kismet. I guess it is the most comman application for Linux users. After my switch to Apple computers i was wondering if there are similar applications.

Basicly there is an application called KisMac. You can get compiled Universal binaries from the project download section. The main problem with those files is, that you dont get the lastest development state form the Kismac project using that way. I was trying to get passive mode working on my Intel MacBookPro using the latest .dmg release and it was not working.

According to the KisMac Wiki/FAQ in there Trac System it is not really supported for Intel MacBooks right now. Even a short discussion with some dev’s gave me the same result. It will not work.

Well lets see

To get it working you have to follow these steps:

1. Get Subversion for your mac
2. Get XCode for your mac
3. Download the latest Kismac trunk out of the project Trac Subversion repository
4. Compile Kismac yourself
5. Run KisMac as admin and change some preferences
6. Enjoy passive mode sniffing using your KisMac build

Now lets describe that a bit more detailed

Step 1 - Get Subversion for your mac

As first step you need a working subversion on your mac. A good place to start getting informations regarding subversion is Subversion.Tigris.org and for sure Wikipedia.

As using subversion on a mac seems to be still not that common here a short summary. There are several clients, all not really that good. A comman way is using FINK or MacPorts to get Subversion on your Mac.

Best and fastest way in my case was to get some compiled Subversion Package from the page of Martin Ott and just using the basic terminal-based function of the SVN-Client. In my case i got a package called subversion-1.4.3.pkg.

Finally install the .pkg and continue with Step 2.

Step 2 - Get Xcode for your mac

I guess you already have Xcode & Developer tools installed, if not, insert your Apple Install CD/DVD and install it from there.

Another solution would be an ADC Account and downloading the lastest release directly from Apple. The basic account should be free.

Lets assume you have XCode now, lets continue with Step 3

Step 3 - Download the latest Kismac trunk out of the project Trac Subversion repository

As you have subversion now installed on your Mac, lets check if it is working. The target is to get the latest Subversion Trunk from the Kismac project.

Open Terminal.app and enter the following command.

svn co https://svn.binaervarianz.de/kismac/trunk/ desired target path/folder

So i did:

svn co https://svn.binaervarianz.de/kismac/trunk/ /Users/fidel/DEV/subversion/kismac

to get the files to my development folder. There is also a Web-access to the trunk files, but i dont like that way.

To finish this step make sure you have all files offered at the mentioned Web-access in somewhere on your mac

Step 4 - Compile Kismac yourself

Now its time to compile the KisMac source. The project developers made that really basic, so even not-programmers can handle that step.

Just double-click the file compile.command. It should open a Terminal windows and you should see the compile progress. If you are interested in the compile.command itself, take a look on it here.

Lets assume the compile worked without an error output. In my case it was the 228 Revision of Kismac. You should have a build-folder inside your downloaded trunk files. This build-folder includes a folder called Universal. Your fresh compiled Kismac version is located there.

Step 5 - Run KisMac as admin and change some preferences

Run your new Kismac build. Afaik you should run KisMac as OSX user with admin rights. If you start a scan now its still in active mode, which is not that interesting

Switch to KisMac preferences, goto Driver and select Apple airport Extreme Card, passive mode and finish this setting pressing the add button.

It makes sense to check all other settings too, but basicly you have a working passive mode now. It is important to mention that Injection is still not working on Macbooks but ok. Lets see how KisMac develops

Step 6 - Enjoy passive mode sniffing using your KisMac build

Now lets start your first passive scan using KisMac. Just press the Start scan button at the main window.

Some final link/information you maybe need:

• KisMac FAQ

I hope everything is working and you feel happy. enjoy it

Best regards
fidel

You can enable windows File Sharing on your Mac there:

• System Preferences
• Internet & Networking
• Sharing
• Select and enable Windows sharing
• Additionally check the Acounts.. button in this menu

Regarding sharing the application SharePoints sounds interesting, more on this later.

Now you maybe want to define the same workgroup-name like your windows-machine uses:

• Applications
• Utilities
• Directory Access
• SMB/CIFS
• Configure

The workgroup name itself can be changed geek-like too. Open terminal.app and insert the following command:

sudo vi /etc/smb.conf

Edit the WORKGROUP line in this config file, save it and feel happy.

Best regards
fidel