With cyber crime on the rise, Portland couple make a device to detect digital break-ins
Posted on 12/14/2012 1:45:27 PM PST by aimhigh
IPCopper . . . makes devices with the forensic firepower to detect, track and ultimately prosecute cybercrooks, hackers or spies. The company's device captures all Internet activity without alerting hackers, or internal thieves, to its presence.
Housed in tamper-proof aluminum boxes, the devices have full "packet capture" or "sniffing" capability. Placed in line between a company's Internet connection and the computers that access it, the appliances record every email, website visit or Voice Over Internet Protocol conversation in complete detail.
(Excerpt) Read more at oregonlive.com ...
I gotta call BS on this one - bump
Yeah but it won’t do anything about the viruses that come in through the power supply.
I'll wait for techies to rip it apart.
And transmits the data to whom?
“I gotta call BS on this one - bump”
I don’t think it’s BS. A device like this makes a raw copy of the packet, stores it, and simultaneously forwards it. You can easily do that with a cheap FPGA. You can compress the packet in realtime prior to storage too.
Of course, you need a *lot* of storage to make it useful :-). But mirroring packets as they come off the wire and pass through a MAC is not that difficult in programmable logic.
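The copy, store and forward behavior described in the comment above, modeled in software as an added example (not part of the original thread and not IPCopper's design). The names `InlineTap`, `relay` and `read_capture` are hypothetical, the classic libpcap file layout is assumed as the storage format, and streaming zlib stands in for the realtime compression.

```python
import struct
import zlib

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps
# Global header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype 1 (Ethernet)
PCAP_HEADER = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)

class InlineTap:
    """Hypothetical software model of a tap: store a raw copy, forward the original."""
    def __init__(self):
        self._z = zlib.compressobj()  # streaming, so each frame is compressed on arrival
        self._chunks = [self._z.compress(PCAP_HEADER)]

    def relay(self, frame: bytes, ts_us: int) -> bytes:
        sec, usec = divmod(ts_us, 1_000_000)
        record = struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
        self._chunks.append(self._z.compress(record))
        return frame  # forwarded byte-for-byte; the tap never alters traffic

    def close(self) -> bytes:
        self._chunks.append(self._z.flush())
        return b"".join(self._chunks)

def read_capture(blob: bytes):
    """Decompress a stored capture into [(ts_us, frame), ...]; reject damaged data."""
    raw = zlib.decompress(blob)
    if len(raw) < 24 or struct.unpack_from("<I", raw)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap stream")
    off, packets = 24, []
    while off < len(raw):
        if off + 16 > len(raw):
            raise ValueError("truncated record header")
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", raw, off)
        off += 16
        if off + incl_len > len(raw):
            raise ValueError("truncated packet data")
        packets.append((sec * 1_000_000 + usec, raw[off:off + incl_len]))
        off += incl_len
    return packets

def demo():
    # Constructed Ethernet frames: dst MAC, src MAC, EtherType 0x0800, filler payload
    frames = [bytes.fromhex("ffffffffffff0200000000010800") + b"A" * 64,
              bytes.fromhex("0200000000010200000000020800") + b"B" * 64]
    tap = InlineTap()
    forwarded = [tap.relay(f, 1_355_521_527_000_000 + i) for i, f in enumerate(frames)]
    return frames, forwarded, tap.close()
```

Decompressing the returned blob yields a standard pcap byte stream, so the stored copy can be opened in Wireshark for review.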
Citing privacy and security concerns, Ash, 34, and Mouraveiko, 37, decline to provide detailed information of sales, names of customer firms or examples of how their products are used. They also shy away from describing how they entered the field. They say only that unnamed clients — whether corporate, defense or intelligence, they won’t say-
It is so secret that if you buy within the next few minutes they will ship you another FREE! Just pay additional postage and handling (that’s where they get you.)
The location of their business is so secret that if you need to return it for any reason, you can’t find their address.
Man! This secret + top secret + amazing secret “device” must be really good.
By the way, whatever happened to the perpetual motion machine everyone was discussing last year? I haven’t seen any on the market yet.
“As a matter of fact it is so secret that even the customer does not know what it does or where he bought it.”
That’s sorta like how Pelosi pitched Obamacare. Pass it, then we’ll see what’s in it.
When I enabled sshd on its standard port, on my home machine, I was getting about 30,000 failed login-attempts per day.
“Pass it, then we’ll see what’s in it.”
Just like a stool sample!
Sounds like something Ironport already handles.
This is nothing really new; unified threat management (UTMs) have been around in the business field for a while now. Actually a few of them offer a free version that you can load onto a low end PC with two ethernet ports that will do pretty much the same thing. Untangle and Astaro (now called Sophos) are two examples that I have experience with. The freebies are pretty capable and if you have an old PC lying around it’s a good way to put it to use. Can’t say how good this box is but I have my doubts if they are being so cagey about the details.
It’s just a sniffer program running on a standalone box.
You can do the same thing if you have a hub and download Wireshark.
The hub will repeat all traffic sent through it to every device connected to the hub.
Wireshark will show you what’s happening. I’ve used it to troubleshoot problems in the past.
The most sophisticated criminal networks are already using encryption to conceal what is in their traffic, and proxy networks like Tor to conceal their location. This won’t do anything about that.
“Just like a stool sample!”
I just think the claim is somewhat exaggerated.
It is one thing to monitor traffic and detect a hack but quite another to track him down to his home and prosecute him/them/her.
As you pointed out, most hacks use proxies and encryption, so even if you detect him that’s about all you can do unless he is just being sloppy.
Even if you know that it was Ali Okpong in Indonesia connecting through a proxy and an abandoned IP block in the USC school system...who is going to prosecute it?
How are you going to explain to the police in Indonesia that someone is trying to find the credit card information on your computer?
Anyone can run a packet sniffer. A lot of free ones are available, and some firewalls already have the capability. The real challenge is having someone who can decipher it all; it is hard even for someone who understands it!
I use iptables for a firewall. Any traffic that is not asked for by my computer is blocked, period. All those blinking ads and popups are blocked, and any third party traffic is blocked. Yes, sometimes I have to loosen the rules to get webpages to load, but it is worth that trouble!!!!
Sure it has; it's called, in the vernacular, "the debt ceiling."