elasticsearch

2 Articles

This Week In Security: Zeroconf Strikes Again, Lastpass Leaks Your Last Password, And All Your Data Is Belong To Us

September 20, 2019 by 18 Comments

VoIP cameras, DVRs, and other devices running the Web Services Dynamic Discovery (WSDD) protocol are being used in a new type of DDoS attack. This isn’t the first time a zeroconf service has been hijacked as part of a DDoS, as UPnP has also been abused in similar ways.

Feel like alphabet soup yet? A Denial of Service attack is one where the target is simply made unavailable, rather than actually compromised. The classic example of this is the SYN flood, where an attacker would open hundreds of connections to a web server at once, exhausting the server’s resources and interrupting legitimate use of that server. As mitigations for these attacks were developed (SYN Cookies, for example), DoS attacks were replaced by Distributed Denial of Service (DDOS) attacks. Rather than attack a weakness on the target machine, like available RAM or CPU cycles, a DDoS generally targets available network bandwidth by hitting the target website from many, many locations at once. No clever software tricks can help when your Internet connection is fully saturated with junk traffic. Continue reading “This Week In Security: Zeroconf Strikes Again, Lastpass Leaks Your Last Password, And All Your Data Is Belong To Us”

The Cat, The Aircraft, And The Tiny Computer

March 4, 2019 by 29 Comments

Sharing your life with a cat is a wonderful and fulfilling experience. Sharing your life with an awake, alert, and bored cat in the early hours when you are trying to sleep, is not. [Simon Aubury] has just this problem, as his cat [Snowy] is woken each morning by a jet passing over. In an attempt to identify the offending aircraft, he’s taken a Raspberry Pi and a software-defined radio, and attempted to isolate it by spotting its ADS-B beacon.

The SDR was the ubiquitous RTL chipset model, and it provided a continuous stream of aircraft data. To process this data he used an Apache Kafka stream processing server into which he also retrieved aircraft identifying data from an online service. Kafka’s SQL interface for interrogating multiple streams allowed him to untangle the mess of ADS-B returns and generate a meaningful feed of aircraft. This in turn was piped into an elasticsearch search engine database, upon which he built a Kibana visualisation.

The result was that any aircraft could be identified at a glance, and potential noise hotspots forecast. Whether all this heavy lifting was worth the end result is for you to decide, however it does provide an interesting introduction to the technologies and software involved. It is however possible to monitor ADS-B traffic considerably more simply.

Thanks [Oleg Anashkin] for the tip.