Archive for October 2008
In my line of work there is a regular need to generate some network traffic. Whether it’s just background noise or attack data, the general requirements are the same:
- Conjure up network traffic out of the ether
- Have a method of exposing the traffic to a monitoring system
- Audit the monitoring system’s categorization of the data – did it correctly detect the data as clean or dirty?
- Be portable.
  - I have many methods of doing this in my work or home test labs, but not on the road where I need it the most.
- Help out others with similar problems
  - I regularly get asked by people if I have a tool to achieve this, and I want to answer with a “Sure, take a copy of this”.
After some tough thought, the best solution I came up with is a bootable USB stick that “just works”.
I thought I would walk through the steps taken to create this, followed by a downloadable image of the tool.
Consider this post part 1 in a series: Building the platform.
I am executing these instructions on an Ubuntu system; things may well differ on other platforms. I have no idea if RH-based systems have an equivalent to Debian’s debootstrap.
Plug the stick into your system, and look at dmesg.
It is important that we recognise what the device name is for our USB stick, since fdisk and mkfs will write to whatever device we name.
On my system, following insertion of a stick, I can see the following:
[12169.500704] sd 5:0:0:0: [sdc] 506880 512-byte hardware sectors (260 MB)
[12169.502281] sd 5:0:0:0: [sdc] Write Protect is off
[12169.502285] sd 5:0:0:0: [sdc] Mode Sense: 43 00 00 00
[12169.502287] sd 5:0:0:0: [sdc] Assuming drive cache: write through
[12169.502292] sdc: sdc1
[12171.503704] sd 5:0:0:0: [sdc] 506880 512-byte hardware sectors (260 MB)
[12171.504587] sd 5:0:0:0: [sdc] Write Protect is off
[12171.504590] sd 5:0:0:0: [sdc] Mode Sense: 43 00 00 00
[12171.504592] sd 5:0:0:0: [sdc] Assuming drive cache: write through
[12171.504596] sdc: sdc1
Clearly my working device is sdc.
Create a partition & build a filesystem
Use fdisk or cfdisk to remove any existing partitions on your USB stick.
$ sudo fdisk /dev/sdc # Manage partitions on my USB device /dev/sdc
I created a single primary Linux partition, and made it active (bootable):
Device Boot Start End Blocks Id System
/dev/sdc1 * 1 1021 253177 83 Linux
We now need to make a filesystem on this device. Note that because flash memory can only take a limited number of writes, we don’t want to use ext3’s journal.
$ sudo mkfs.ext2 /dev/sdc1 # Makes a ext2 fs on the partition
Install our OS onto the new filesystem
Let’s mount the filesystem so that we can add files to it.
$ sudo mkdir /mnt/temp # Create a temp mount point
$ sudo mount /dev/sdc1 /mnt/temp/ # and mount our USB filesystem
I mentioned earlier that I use Ubuntu as my chosen desktop distro; however, I want the USB stick to be running stock Debian stable (etch). Because Ubuntu is essentially a broken Debian system, we can simply do the following:
$ sudo debootstrap etch /mnt/temp/ http://ftp.uk.debian.org/debian
For those who are unaware, debootstrap bootstraps a new Debian system. It will install all the base programs I need for a GNU/Linux instance on this USB stick.
$ sudo dumpe2fs /dev/sdc1 | grep UUID # find the UUID for our fs - Note this somewhere
dumpe2fs 1.40.8 (13-Mar-2008)
Filesystem UUID: 4481e1b0-0c0c-48fa-8c27-971aa95e3e9b
# chroot into our new system in /mnt/temp
$ sudo chroot /mnt/temp/
$ mount -t proc proc /proc # no /etc/fstab exists yet, so name the filesystem type explicitly
$ dpkg-reconfigure --all --priority critical --frontend dialog # This reconfigures all debs that need critical configuration
$ apt-get update
$ apt-get install initrd-tools linux-image-686 # Note to pay attention to the yes/no abort prompt - Select No to continue.
$ echo "127.0.0.1 localhost" > /etc/hosts # create a minimum hosts file (an address without a name is not a valid entry)
$ echo replay > /etc/hostname
$ vi /etc/fstab
Paste the below, replacing the UUID with the one found by the dumpe2fs command earlier:
# Leon's example fstab - edit for your UUID
# Note this is the minimum I need; there is no static association with a device name here
# the UUID is a unique ID for the fs
UUID=4481e1b0-0c0c-48fa-8c27-971aa95e3e9b / ext2 defaults,errors=remount-ro 0 1
tmpfs /tmp tmpfs defaults 0 0
proc /proc proc defaults 0 0
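Two of the steps above are where a slip costs the most: picking the wrong disk out of dmesg (fdisk and mkfs will happily overwrite it) and mistyping the UUID in the fstab (the root entry then never mounts). The helpers below are an added example and not part of the original post; the function names, the constructed dmesg excerpt and the `install_base` wrapper are mine, while the commands and fstab entries are the post’s own.

```shell
#!/bin/sh
# Added example, not from the original post: guard the "which device is my
# stick" and "write the fstab" steps.  Names here are my own; the commands
# and fstab lines are the post's.

# Constructed dmesg excerpt shaped like the post's (not a real capture).
SAMPLE_DMESG='[12169.500704] sd 5:0:0:0: [sdc] 506880 512-byte hardware sectors (260 MB)
[12169.502281] sd 5:0:0:0: [sdc] Write Protect is off
[12169.502292] sdc: sdc1
[12171.503704] sd 5:0:0:0: [sdc] 506880 512-byte hardware sectors (260 MB)
[12171.504596] sdc: sdc1'

# Print the single disk name (e.g. sdc) announced in dmesg text on stdin.
# Refuses to guess when none or several disks are present, so that a wrong
# device name never reaches fdisk or mkfs.
usb_dev_from_dmesg() {
    devs=$(sed -n 's/.*: \[\(sd[a-z]\)\] [0-9]* 512-byte hardware sectors.*/\1/p' | sort -u)
    [ -n "$devs" ] || { echo "no disk announced in dmesg" >&2; return 1; }
    n=$(printf '%s\n' "$devs" | wc -l | tr -d ' ')
    [ "$n" -eq 1 ] || { echo "ambiguous disks:" $devs >&2; return 1; }
    printf '%s\n' "$devs"
}

# Filesystem UUID of a partition; same information as the dumpe2fs step.
fs_uuid() {
    dumpe2fs -h "$1" 2>/dev/null | sed -n 's/^Filesystem UUID: *//p'
}

# Emit the post's minimal fstab for a UUID, rejecting malformed input so a
# typo cannot produce a root entry that never mounts.
make_fstab() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' \
        || { echo "not a filesystem UUID: $1" >&2; return 1; }
    cat <<EOF
# Minimal fstab: root is found by UUID, not by a device name
UUID=$1 / ext2 defaults,errors=remount-ro 0 1
tmpfs /tmp tmpfs defaults 0 0
proc /proc proc defaults 0 0
EOF
}

# Filesystem and base install for an already partitioned stick (run as root).
# Usage: install_base sdc /mnt/temp
install_base() {
    part=/dev/${1}1; mnt=$2
    mkfs.ext2 "$part"
    mkdir -p "$mnt" && mount "$part" "$mnt"
    debootstrap etch "$mnt" http://ftp.uk.debian.org/debian
    make_fstab "$(fs_uuid "$part")" > "$mnt/etc/fstab"
}
```

`dmesg | usb_dev_from_dmesg` after plugging the stick in gives the device name to feed to fdisk; once partitioned, `install_base sdc /mnt/temp` does the mkfs, mount, debootstrap and fstab steps in one go.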
That’s it for our work inside our chroot; let’s exit and make the system bootable.
$ exit # leave the chroot
$ sudo grub-install --root-directory=/mnt/temp /dev/sdc
$ sudo chroot /mnt/temp/
$ apt-get install grub
Check your grub settings.
$ umount /proc
$ exit
$ sudo umount /mnt/temp
If the umount complains about the device being busy (very likely), I find that cron is running inside the chroot. Kill it.
$ eject /dev/sdc
There you go, you should now have a bootable(ish) USB stick with a Debian base install on it. What a walk in the park, and far easier than many of the how-tos I see scattered around the internet. I have noticed that there are a few things that don’t work well and need some attention: essentially passing the correct partition ID at boot time to the initrd. I’ll look into that and do an update when I get this more portable.