

The PlugBot: A covert penetration testing device - there
http://theplugbot.com/

======
jberryman
FYI the device pictured is a SheevaPlug and is most of what is cool about this
IMHO

<http://en.wikipedia.org/wiki/SheevaPlug>

This would be a fun project but it strikes me as a little lame that they want
donations for what I imagine would be writing a few bash scripts.

~~~
noonespecial
We already use Sheevas for this and tons more. Taking the default debian,
plugging in a usb stick and running snort is indeed a 10 minute operation.

For more elegance, use a guru plug with its dual gigE ports, turn it into a
transparent bridge, and just put it inline with the ethernet cable of your
target.

[http://www.globalscaletechnologies.com/t-guruplugdetails.asp...](http://www.globalscaletechnologies.com/t-guruplugdetails.aspx)

Once you realize you've got a fully capable linux server/router right there in
the wall socket, all kinds of wild applications start springing to mind.

------
nostromo
Pretty cool... and terrifying.

You could do something similar already by leaving behind an iPhone (with
custom software) plugged in somewhere in the office. It could probably be less
conspicuous than this thing.

~~~
icey
Many moons ago I did something like this at a place I worked. Instead of a
phone, I took the guts of a dreamcast running Linux and duct taped under the
CTO's desk because he refused to stop claiming that our network was
significantly more secure than it actually was (which is to say, he claimed it
it was very secure, when in reality it wasn't secured at all).

Unfortunately, it didn't have the desired effect; and the network admin was
pissed that he had to count all of the connection lights on the switches in
the network closet once a week.

Rogue devices on your network are hard to detect and defeat.

~~~
bradleyland
Not if you know what you're doing. A good practice is to shutdown any switch
interfaces that aren't in use. Once you've done that, you can implement a
rudimentary access policy using MAC based ACLs. While a MAC based ACL won't
prevent an attacker from gaining access to your network like a real
authentication system (802.1X), it will help you notice the disruption. If you
shut all ports that aren't in use, and you implement MAC ACLs, someone will
notice the disruption. You'd have to unplug a network device in order to get
an active port, and if you plugged in a hub, you'd have to spoof a MAC
address, which would disrupt traffic to/from the device belonging to the MAC
you just stole.

Even rudimentary measures can help secure a network to some degree.

~~~
drdaeman
If the PlugBot would have two Ethernet ports, working as a completely
transparent bridge, shutting down ports and enabling 802.1X won't help much.
Bot will just patiently wait for target to authenticate, then proceed with IP
and MAC spoofing for its operations (filtering on the bridge).

802.1X-2010 and MACsec would address this issue, but they require more
expensive hardware and not yet widely supported.

~~~
sp332
Reminds me of the Network Monkey <http://www.hak5.org/store/network-monkey>

------
cwb71
I know that this is just Sheeva hardware, but I think this application begs
for a second Ethernet port. Then you could use it as a “tap,” wouldn't need to
find a an empty network port, could spoof the MAC of the device behind it,
etc. Even better, put power over Ethernet in it and use it to replace the
power injector already attached to that Polycom in the conference room...

~~~
noonespecial
This version has 2 gigE ports and only costs $20 more.

[http://www.globalscaletechnologies.com/t-guruplugdetails.asp...](http://www.globalscaletechnologies.com/t-guruplugdetails.aspx)

------
PostOnce
You could run tor hidden services on these things, to keep wikileaks afloat
covertly. Install them above dropped ceilings, if possible.

------
gmaster1440
Is there a way I can actually get my hands on one ? I'd love to.

~~~
proexploit
You can get the SheevaPlug DevKit for $99
([http://www.globalscaletechnologies.com/p-22-sheevaplug-
dev-k...](http://www.globalscaletechnologies.com/p-22-sheevaplug-dev-kit-
us.aspx)). As far as the software they're using, it's not available yet but
will be GPL (source: <http://theplugbot.com/about>).

------
tzm
This should be a Kickstarter project.

------
robertk
It took me a minute. Apparently, I have a dirty mind...

