On local network security

This is going to be the first article in a series, as I most likely won't cover every aspect here.

BIG DISCLAIMER: Doing what I mention here outside of your own network is ILLEGAL.

So yeah. My home network looks somewhat like this:

[Diagram: Old Layout]

This image doesn't show the various Wi-Fi devices connected to it, because MitM-ing Wi-Fi requires a different technique.

My first idea (described in this article) was using dnsmasq on a device that is always connected to the LAN, so that the other devices treat it as the router. This approach has the following advantages:

  • No modification to the router needed

  • Can do whatever you want with the traffic

Disadvantages:

  • Not that easy to set up (requires a working dnsmasq and a NAT rule from eth0 to eth0, or whatever your main adapter is called)

  • Race condition with the actual router unless you have disabled DHCP on it (which requires router modification)

Results:

  • Traffic of the entire network redirected over one machine that can do whatever you want.

  • The DNS server can be modified to redirect the user to phishing sites

  • If you log the entire TCP traffic, you might get some passwords.

  • It is even possible to MitM non-encrypted traffic

How to protect against it?

  • Disable DHCP in your router and manually give everyone an IP address

  • Don't give Internet access to anyone you don't completely trust

  • CHANGE YOUR ROUTER PASSWORDS!!! Those can be things like '1234' by default, and they are printed on the back of the router. Guess how easy it is to get in most of the time? (Hint: the word contains only one consonant)
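The race condition above cuts both ways: a second DHCP server on the LAN is visible to anyone who looks at the replies. As an added example (my own, not part of the original article), here is a small Python check that parses a DHCP OFFER/ACK and flags replies whose server identifier (option 54) or router option (option 3) differ from the real router; the packets and the 192.168.1.x addresses are constructed sample data.

```python
from ipaddress import IPv4Address
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: follows the 236-byte BOOTP header
DHCPOFFER, DHCPACK = 2, 5

def parse_dhcp(packet: bytes) -> dict:
    """Parse a BOOTP/DHCP message into header fields and a {code: raw value} option map."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 0:                            # pad option: no length byte
            i += 1
            continue
        if code == 255:                          # end option
            break
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": packet[0], "xid": int.from_bytes(packet[4:8], "big"),
            "yiaddr": IPv4Address(packet[16:20]), "options": options}

def rogue_findings(packet: bytes, trusted_gateway: str) -> list:
    """Return reasons an OFFER/ACK looks like it came from a rogue server; empty if clean."""
    gw = IPv4Address(trusted_gateway)
    opts = parse_dhcp(packet)["options"]
    if opts.get(53, b"\x00")[0] not in (DHCPOFFER, DHCPACK):
        return []                                # only server replies matter here
    findings = []
    server_id = IPv4Address(opts[54]) if 54 in opts else None
    if server_id != gw:
        findings.append(f"server identifier {server_id} is not the real router {gw}")
    if 3 in opts:                                # option 3: router(s) handed to the client
        routers = [IPv4Address(opts[3][j:j + 4]) for j in range(0, len(opts[3]), 4)]
        if gw not in routers:
            findings.append(f"default gateway rewritten to {routers}")
    return findings

def build_offer(server: str, gateway: str, yiaddr: str) -> bytes:
    """Construct a minimal DHCPOFFER for testing (sample data, not a real capture)."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6             # BOOTREPLY, Ethernet, 6-byte hw address
    hdr[16:20] = IPv4Address(yiaddr).packed
    opts = (b"\x35\x01\x02" + b"\x36\x04" + IPv4Address(server).packed
            + b"\x03\x04" + IPv4Address(gateway).packed + b"\xff")
    return bytes(hdr) + MAGIC_COOKIE + opts

# Constructed sample: the real router is 192.168.1.1; a LAN host at .50 answered first.
ROGUE = build_offer("192.168.1.50", "192.168.1.50", "192.168.1.120")
LEGIT = build_offer("192.168.1.1", "192.168.1.1", "192.168.1.120")
```

In practice you would feed it the UDP payload of packets captured on port 68 and alert on any non-empty result.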

PS: None of the data acquired in the process of making this article is stored anywhere on my Server/PC. Here is the diagram of our network today:

[Diagram: New Layout]