
What a Hacker Sees

They won't even know you're there.

As far as the casual hacker is concerned, the Tiny Hardware Firewall (THF) is a black hole. It does not react to any traffic sent to it from the outside world. It does not even respond to pings. It will only pass traffic that was initiated from inside the firewall.

The first thing a hacker will do is some early reconnaissance. It is the bank robber's equivalent of “casing the joint”. The reconnaissance software pokes and prods the target, checking to see if any doors or windows are unlocked and, if there is a safe, what model it is.

Below we use a network reconnaissance tool and point it at a laptop, and then at the same laptop when it is behind the THF. Without the THF, the hacker can see what services are running and reach into their box of tools to see if they have something that can compromise one of those services. With the THF they get nothing. They don't know you're there, they don't know what operating system you are running, and if they are running a sniffer while you have the VPN on, they can't see where your traffic is headed or even what type it is (web, email, text, VoIP).

 

Without the THF

 

Starting Nmap 6.40 ( http://nmap.org ) at 2013-08-26 15:45 EDT

NSE: Loaded 110 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 15:45

Scanning 192.168.45.154 [1 port]

Completed ARP Ping Scan at 15:45, 0.38s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 15:45

Completed Parallel DNS resolution of 1 host. at 15:45, 0.02s elapsed

Initiating SYN Stealth Scan at 15:45

Scanning 192.168.45.154 [1000 ports]

Discovered open port 5900/tcp on 192.168.45.154

Discovered open port 22/tcp on 192.168.45.154

Discovered open port 631/tcp on 192.168.45.154

Increasing send delay for 192.168.45.154 from 0 to 5 due to 178 out of 444 dropped probes since last increase.

Discovered open port 548/tcp on 192.168.45.154

Discovered open port 88/tcp on 192.168.45.154

Discovered open port 3031/tcp on 192.168.45.154

Completed SYN Stealth Scan at 15:45, 14.77s elapsed (1000 total ports)

Initiating Service scan at 15:45

Scanning 6 services on 192.168.45.154

Completed Service scan at 15:45, 6.32s elapsed (6 services on 1 host)

Initiating OS detection (try #1) against 192.168.45.154

NSE: Script scanning 192.168.45.154.

Initiating NSE at 15:45

Completed NSE at 15:45, 0.37s elapsed

Nmap scan report for 192.168.45.154

Host is up (0.0030s latency).

Not shown: 994 closed ports

PORT     STATE SERVICE      VERSION

22/tcp   open  ssh          OpenSSH 5.9 (protocol 2.0)

| ssh-hostkey: 1024 a0:2f:e7:09:1c:44:c8:cc:eb:27:46:e2:d1:73:18:d1 (DSA)

|_2048 32:d0:6c:bd:70:aa:1f:ba:c7:98:ce:65:a9:cf:e0:55 (RSA)

88/tcp   open  kerberos-sec Heimdal Kerberos (server time: 2013-08-26 19:45:28Z)

548/tcp  open  afp          Apple AFP (name: randalflag.s Computer; protocol 3.4; Mac OS X 10.6; MacBook Pro)

| afp-serverinfo: 

|   | Server Flags: 0x9ffb

|   |   Super Client: Yes

|   |   UUIDs: Yes

|   |   UTF8 Server Name: Yes

|   |   Open Directory: Yes

|   |   Reconnect: Yes

|   |   Server Notifications: Yes

|   |   TCP/IP: Yes

|   |   Server Signature: Yes

|   |   ServerMessages: Yes

|   |   Password Saving Prohibited: No

|   |   Password Changing: Yes

|   |_  Copy File: Yes

|   Server Name: rspecflag\xD5s Computer

|   Machine Type: MacBookPro3,1

|   AFP Versions: AFP3.4, AFP3.3, AFP3.2, AFP3.1, AFPX03

|   UAMs: DHCAST128, DHX2, Recon1, Client Krb v2, GSS, No User Authent

|   Server Signature: 00000000000010008000001b639d964e

|   Network Address 1: 192.168.45.154:548

|   Network Address 2: 192.168.45.154

|   Directory Name 1: host/macintosh-3.local@LOCAL

|_  UTF8 Server Name: randalflag\xE2\x80\x99s Computer

631/tcp  open  ipp          CUPS 1.6

|_http-favicon: Unknown favicon MD5: B1AB0F584AB4E807608E7D5A8195B9E1

| http-methods: GET HEAD OPTIONS POST PUT

| Potentially risky methods: PUT

|_See http://nmap.org/nsedoc/scripts/http-methods.html

|_http-title: Web Interface is Disabled - CUPS v1.6.2

3031/tcp open  appleevents  Apple Remote Events

5900/tcp open  vnc          Apple remote desktop vnc

| vnc-info: 

|   Protocol version: 3.889

|   Security types:

|     Mac OS X security type (30)

|_    Mac OS X security type (35)

MAC Address: ############Blanked Out By WiFiConsulting  ############### (Apple)

Device type: media device|phone

Running: Apple iOS 4.X|5.X|6.X

OS CPE: cpe:/o:apple:iphone_os:4 cpe:/a:apple:apple_tv:4 cpe:/o:apple:iphone_os:5 cpe:/o:apple:iphone_os:6

OS details: Apple Mac OS X 10.8.0 - 10.8.3 (Mountain Lion) or iOS 4.4.2 - 6.1.3 (Darwin 11.0.0 - 12.3.0)

Uptime guess: 11.153 days (since Thu Aug 15 12:04:47 2013)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=261 (Good luck!)

IP ID Sequence Generation: Randomized

Service Info: OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x:10.6, cpe:/o:apple:mac_os_x

TRACEROUTE

HOP RTT     ADDRESS

1   2.99 ms 192.168.45.154

NSE: Script Post-scanning.

Initiating NSE at 15:45

Completed NSE at 15:45, 0.00s elapsed

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 26.68 seconds

           Raw packets sent: 1772 (78.746KB) | Rcvd: 1034 (41.842KB)

 

Protected by the THF

 

Starting Nmap 6.40 ( http://nmap.org ) at 2013-08-27 10:11 EDT

NSE: Loaded 110 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 10:11

Scanning 192.168.45.192 [1 port]

Completed ARP Ping Scan at 10:11, 0.28s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 10:11

Completed Parallel DNS resolution of 1 host. at 10:11, 0.02s elapsed

Initiating SYN Stealth Scan at 10:11

Scanning 192.168.45.192 [65535 ports]

SYN Stealth Scan Timing: About 0.62% done

SYN Stealth Scan Timing: About 1.25% done; ETC: 11:32 (1:20:14 remaining)

...Snip...

SYN Stealth Scan Timing: About 95.31% done; ETC: 11:31 (0:03:45 remaining)

Completed SYN Stealth Scan at 11:31, 4791.73s elapsed (65535 total ports)

Initiating Service scan at 11:31

Initiating OS detection (try #1) against 192.168.45.192

Retrying OS detection (try #2) against 192.168.45.192

NSE: Script scanning 192.168.45.192.

Initiating NSE at 11:31

Completed NSE at 11:31, 0.00s elapsed

Nmap scan report for 192.168.45.192

Host is up (0.072s latency).

All 65535 scanned ports on 192.168.45.192 are filtered

MAC Address: ############Blanked Out By WiFiConsulting  ###############

Too many fingerprints match this host to give specific OS details

Network Distance: 1 hop

TRACEROUTE

HOP RTT      ADDRESS

1   72.17 ms 192.168.45.192

NSE: Script Post-scanning.

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 4798.65 seconds

           Raw packets sent: 131120 (5.774MB) | Rcvd: 679 (37.996KB)
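
To compare the two reports above when auditing your own exposure, the following added example (not part of the original page and not THF code) parses Nmap's normal text output and summarises what each host gave away. The sample strings are excerpts of the two scans above; the function names and the summary fields are assumptions made for this illustration.

```python
import re
# Excerpts of the two scan reports shown above, trimmed to the lines that matter.
UNPROTECTED = """\
Nmap scan report for 192.168.45.154
Not shown: 994 closed ports
PORT     STATE SERVICE      VERSION
22/tcp   open  ssh          OpenSSH 5.9 (protocol 2.0)
88/tcp   open  kerberos-sec Heimdal Kerberos (server time: 2013-08-26 19:45:28Z)
548/tcp  open  afp          Apple AFP (name: randalflag.s Computer; protocol 3.4; Mac OS X 10.6; MacBook Pro)
631/tcp  open  ipp          CUPS 1.6
3031/tcp open  appleevents  Apple Remote Events
5900/tcp open  vnc          Apple remote desktop vnc
OS details: Apple Mac OS X 10.8.0 - 10.8.3 (Mountain Lion) or iOS 4.4.2 - 6.1.3 (Darwin 11.0.0 - 12.3.0)
"""
PROTECTED = """\
Nmap scan report for 192.168.45.192
All 65535 scanned ports on 192.168.45.192 are filtered
Too many fingerprints match this host to give specific OS details
"""

PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) ports")
ALL_PORTS = re.compile(r"^All (\d+) scanned ports on \S+ are (\S+)")

def parse_report(text):
    """Summarise one host's section of Nmap normal-format output."""
    r = {"host": None, "open": [], "default_state": None, "os_identified": False}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Nmap scan report for "):
            r["host"] = line.split()[-1].strip("()")
        elif (m := PORT_ROW.match(line)):
            if m.group(3) == "open":
                r["open"].append((int(m.group(1)), m.group(4), m.group(5)))
        elif (m := NOT_SHOWN.match(line) or ALL_PORTS.match(line)):
            r["default_state"] = m.group(2)  # state of every port not listed
        elif line.startswith(("OS details:", "Running:")):
            r["os_identified"] = True
    return r

def exposure(r):
    # "closed" ports replied to the probe (RST); "filtered" ports gave no usable reply.
    answers = bool(r["open"]) or r["default_state"] == "closed"
    return {"host": r["host"], "answers_tcp_probes": answers,
            "services": [svc for _, svc, _ in r["open"]], "os_identified": r["os_identified"]}

if __name__ == "__main__":
    for report in (UNPROTECTED, PROTECTED):
        print(exposure(parse_report(report)))
```

The protected report still says "Host is up" because the ARP ping on the local segment was answered, so this summary covers TCP ports and OS fingerprinting, not layer-2 visibility.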