Attack Of The Dreamcasts

kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified dreamcast system running Linux to sneek into an office building and stick it on a network drop and leave. The dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and a special bootable cdroms for print servers and similar boxes. Just a reminder that are networks need to be as secure on the inside as they should be on the outside. Get the story here."

Even scarier

[crumbz]

Is when someone hacks an iPod to do this. You could hide it in a wall and have an IEEE-1394 to 10base-T adapter with a cat-5 cable right into a patch panel in the wiring closet labeled D-103...

Did it.

[Skyshadow]

Back when I was in high school (1994 or '95), we put together a small 386 -- no case, no nothin' -- with a NIC and stashed it above the library computer lab. This was pretty much just to see if we could, which as I think about it seems like the reasoning behind most of what I did in high school. Well, at least the things I did in high school that didn't involve girls.

We used it to run a dump of all the packets on the network and get pretty much all the passwords used by anyone. We printed out a copy and sent it to the bozo they had in charge of IT, and he called in a mess of expensive consultants to reload everything on the network.

Of course, they didn't fix the basic problem or find our little friend. For all I know it's still running up above the 'ol drop ceiling -- we were to chicken to try and retrieve it. Of course, this was a private school, so the real joke was on us (the clue -- consultants were being paid for by our own stupid selves).

Did something similar

Near where I live there is this giant uber arcard called Playdium. Instead of using coins or tokens in the machines to get credits you swipe a little plastig card with a barcode on it through a reader. This reader in turn is hooked up to a solid-state machine running MSDOS which then contacts a MS SQL server to see if their is enough credit on the card and if there is it sends an authorization to the machine.

One day we decided that we wanted to get free video games. After scoping the place out we discovered that all the 10baseT ports that the video games plugged into were in fact patched into a 3com 3300 switch and were active. The network designers I guess figured it would be easier to activate all the ports instead of making some video game tech figure out how to patch stuff in.

We brought in a laptop with a long cat5 cable and looked for a place to plug it in where we wouldn't be noticed. Jurassic Park 3 has this little thing you sit in a close the blinds so the ambient light would stay out. It would do nicely.

We watching what we could with different packet sniffers (we were also very paranoid of getting busted) and were able to bring up the Switches web management system. We discovered that the video games use DHCP to get an address in the 10.10.x.x subnet and the video games also seem to contact a master server for configuration information. ie. How much does this game cost. By this time we had been sitting in Jurassic Park 3 for 2 hours and were getting REALLY paranoid. So we decided to try something malicious. We arp-spoofed/flooded everything we could see. An interesting thing happened. When the game control units can no longer talk to their master server, they go into 'free' mode. I guess this is in case there is a network failure. They'd rather lose a bit of money than piss of 100s of people. While our little program ran, every game in the place became free. So I thought to myself, why not just unplug the Cat5 cable for a game to make it free. That doesn't seem to work. I think this is because it needs to detect a link before it will go to free mode. Anyhoo, I guess the moral of this story is to have some kind of port security on your network ports in your business. or something :)

Wouldn't it be cheaper and just as effective

[pete-classic]

to just burn a CDR that boots Linux and does all the same stuff on a PC with any of the top X ethernet cards? Set it up to stubbornly ignore all keyboard input and never display anything on the screen. Write "coaster" on it with a black magic marker, drop it in some currently unused PC and hit power/reset and haul ass. Do it at 4:50 PM on a Friday and you'll probably have to 9:00 AM on monday to own some other box on a more permanent basis.

Hell, you might be able to modify a tomsrtbt to do this and wipe (or dd if=/dev/zero of=/dev/fd0; dd if=/dev/urandom of=/dev/fd0) the diskette once the ramdisk is loaded.

IOW, this whole thing strikes me as more of a "stunt" than a "hack."

-Peter

Java-based disposable ethernet board!

[dstone]

Take a look at the Dallas Semiconductor TINI. It's a Java runtime environment on a 72-pin SIMM, complete with ethernet, serial, I2C, parallel IO, battery up to 1 meg of NVRAM, filesystem emulated in RAM, etc, etc. You can write web or ftp services for it in a few lines of Java, thanks to the supplied classes. You develop your Java code on your PC, compile it to Java bytecode, and then FTP it up to the little TINI device. My description is not doing this hardware justice, so I'll leave some links below.

Anyways, my point is this type of device is probably easier to program than a Linux Dreamcast. It may or may not be cheaper (sub-$100). And it's a lot easier to hide, if that's the goal. I've programmed a handful of hobby projects with this board, and it's really quite amazing for the price. (Compared to trying to implement an TCP/IP stack on a PIC microcontroller, say.)

TINI hardware
TINI
TINI board resource center
more resources
DalSemi discussions