Upside-Down-Telnet.pdf

7/27/2019 Upside-Down-Telnet.pdf

1/6

My neighbours are stealing my wireless internet access. I could encrypt it or alternately Icould have fun.

I'm starting here by splitting the network into two parts, the trusted half and the untrustedhalf. The trusted half has one netblock, the untrusted a different netblock. We use the DHCPserver to identify mac addresses to give out the relevant addresses.

/etc/dhcpd.conf

ddns- updates of f ;ddns- updat e- st yl e i nt er i m;aut hor i t at i ve;

shared- net work l ocal {

subnet * . *. *. * net mask 255. 255. 255. 0 {range * . * . * . * * . * . * . * ;opt i on rout ers * . * . * . * ;opt i on subnet - mask 255. 255. 255. 0;opt i on domai n- name "XXXXX";opt i on domai n- name- servers *. *. *. *;deny unknown- cl i ent s;

host t r ust ed1 {har dwar e et her net *: *: *: *: *: *;f i xed- addr ess *. *. *. *;

}}

subnet 192. 168. 0. 0 net mask 255. 255. 255. 0 {r ange 192. 168. 0. 2 192. 168. 0. 10;opt i on r out ers 192. 168. 0. 1;opt i on subnet - mask 255. 255. 255. 0;opt i on domai n- name- ser vers 192. 168. 0. 1;al l ow unknown- cl i ent s;

}}

IPtables is Fun!

Suddenly everything is kittens! It's kitten net.

/ sbi n/ i pt abl es - A PREROUTI NG - s 192. 168. 0. 0/ 255. 255. 255. 0 - p t cp - j DNAT - - t o- dest i nat i on 64.

For the uninitiated, this redirects all traffic to kittenwar.

For more fun, we set iptables to forward everything to a transparent squid proxy running onport 80 on the machine.

/ sbi n/ i pt abl es - A PREROUTI NG - s 192. 168. 0. 0/ 255. 255. 255. 0 - p tcp - m t cp - - dpor t 80 - j DNAT - -

That machine runs squid with a trivial redirector that downloads images, uses mogrify toturn them upside down and serves them out of its local webserver.

The redirection script

ide-Down-Ternet http://www.ex-parrot.com/pete/upside-down-ternet.html

6 04-03-2013 22:49


2/6

#! / usr/ bi n/ per l$| =1;$count = 0;$pi d = $$;whi l e ( ) {

chomp $_;i f ($_ =~ / ( . * \ . j pg) / i ) {

$ur l = $1;system( "/ usr / bi n/ wget ", "- q", "- O", "/ space/ WebPages/ i mages/ $pi d- $count . j pg",system( "/ usr / bi n/ mogr i f y", "- f l i p", "/ space/ WebPages/ i mages/ $pi d- $count . j pg") ;pr i nt "ht t p: / / 127. 0. 0. 1/ i mages/ $pi d- $count . j pg\ n";

}el si f ( $_ =~ / ( . * \ . gi f ) / i ) {

$ur l = $1;system( "/ usr / bi n/ wget ", "- q", "- O", "/ space/ WebPages/ i mages/ $pi d- $count . gi f ",syst em( "/ usr / bi n/ mogr i f y", "- f l i p", "/ space/ WebPages/ i mages/ $pi d- $count . gi f ") ;pr i nt "ht t p: / / 127. 0. 0. 1/ i mages/ $pi d- $count . gi f \ n";

}el se {

pri nt "$_\ n"; ;}$count ++;

}

Then the internet looks like this!


6 04-03-2013 22:49


3/6


6 04-03-2013 22:49


4/6

And if you replace flip with -blur 4 you get the blurry-net


6 04-03-2013 22:49


5/6

I made xkcd - how cool is that ?


6 04-03-2013 22:49


6/6

Here's an email I received from Fraser at kittenwar,

Hi Pet e,Apol ogi es f or t he unsol i ci t ed mai l , but I t hought I ' d dr op you a l i ne t osay how much I l i ke your Upsi de- Down- Ter net advi ce f or conf usi ng wi r el esst hi eves.

Ever y so of t en I r ecei ve extr emel y i r at e e- mai l s f r om peopl e cl ai mi ngt hat my Ki t t enwar si t e i s pl ayi ng host t o some ki nd of nef ari ous vi r uspr event i ng t hemf r omaccessi ng t he web, accusi ng me of pr act i si ng al lsor t s of dar k ar t s - t o whi ch I pol i t el y r espond t hat I ' m t er r i bl y sor r y,but t hi s onl y usual l y happens t o peopl e who ar e usi ng someone el se' swi r el ess connecti on, and poi nt i ng them i n t he di r ecti on of your si t e.

Thi s has happened dozens of t i mes over t he l ast f ew year s, and you knowwhat ? None of t hemhave ever got back t o me af t er I poi nt t hi s out .

It seems that the kernel.org team also turned their bit of the internet upside down.kernel.org

gotmi1k has redone this page for the Web 2.0 generation and turned the entire technicalexplanation into a video. They did write some more scripts for messing about with theimages and I must confess that the asciiart filter and time machine options are particularlyinspired.

Home


Upside-Down-Telnet.pdf

Documents

Transcript of Upside-Down-Telnet.pdf