Dave Bullock / eecue

photographer, director of engineering: crowdrise, photojournalist, hacker, nerd, geek, human

EVDO and Defcon

King Tuna

As everyone in attendance should know, the Defcon network is probably the most dangerous and hostile network in the world. No network is secure, but the wireless network at Defcon is totally insecure with thousands of hackers and script kiddies sniffing traffic and actively attacking ever system they see. This is one reason why I've made it a habit to use an out of band connection for my internet needs. My out of band network of choice is EVDO, but even with that I still send all my traffic through an ssh tunnel to a trusted host.

Verizon's EVDO uses ppp to assign you system a public internet address, and I'm guessing that the IP range varies from city to city. It's no surprise that people know about this as evidenced by the logs below that show port scans bouncing off my firewall.

One of the talks coming up today is "Hacking EVDO," and I was a bit worried that someone had figured out how to sniff EVDO traffic. I happened to run in to King Tuna, who is giving the talk and asked him about what he had found. He told me that currently the protocol is still secure, but that he had found a vulnerability in one of the chipsets which he has written an exploit for. The point of his research was to inspire other people to work on the protocol and break it.

The logs from my firewall can be found after the jump.

Aug 2 17:18:26 [me] ipfw: 12190 Deny TCP 190.36.195.16:51441 [my ip]:5900 in via ppp0
Aug 2 17:53:17 [me] ipfw: 12190 Deny TCP 216.248.0.250:51957 [my ip]:5900 in via ppp0
Aug 2 19:40:09 [me] ipfw: 20600 Deny TCP 69.28.79.34:1480 [my ip]:3128 in via ppp0
Aug 2 19:40:09 [me] ipfw: 20600 Deny TCP 69.28.79.34:1484 [my ip]:80 in via ppp0
Aug 2 19:40:09 [me] ipfw: 20600 Deny TCP 69.28.79.34:1483 [my ip]:8000 in via ppp0
Aug 2 19:40:09 [me] ipfw: 20600 Deny TCP 69.28.79.34:1485 [my ip]:8000 in via ppp0
Aug 2 19:40:09 [me] ipfw: 20600 Deny TCP 69.28.79.34:1485 [my ip]:8000 in via ppp0
Aug 2 19:40:09 [me] ipfw: 20600 Deny TCP 69.28.79.34:1480 [my ip]:3128 in via ppp0
Aug 2 19:40:09 [me] ipfw: 20600 Deny TCP 69.28.79.34:1484 [my ip]:80 in via ppp0
Aug 2 19:40:09 [me] ipfw: 20600 Deny TCP 69.28.79.34:1483 [my ip]:8000 in via ppp0
Aug 2 20:21:34 [me] ipfw: 20600 Deny TCP 59.29.108.114:17038 [my ip]:5900 in via ppp0
Aug 2 20:51:00 [me] ipfw: 20000 Deny ICMP:8.0 70.215.135.234 [my ip] in via ppp0
Aug 2 20:53:02 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50146 from 69.147.90.156:80
Aug 2 20:55:22 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50239 from 204.11.51.34:80
Aug 2 20:55:22 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50240 from 204.11.51.34:80
Aug 2 20:55:22 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50241 from 204.11.51.34:80
Aug 2 20:55:22 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50242 from 204.11.50.136:80
Aug 2 20:55:25 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50239 from 204.11.51.34:80
Aug 2 20:55:25 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50240 from 204.11.51.34:80
Aug 2 20:55:25 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50241 from 204.11.51.34:80
Aug 2 20:55:26 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50242 from 204.11.50.136:80
Aug 2 20:55:31 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50239 from 204.11.51.34:80
Aug 2 20:55:31 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50240 from 204.11.51.34:80
Aug 2 20:55:31 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50241 from 204.11.51.34:80
Aug 2 20:55:32 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50242 from 204.11.50.136:80
Aug 2 20:55:43 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50239 from 204.11.51.34:80
Aug 2 20:55:43 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50240 from 204.11.51.34:80
Aug 2 20:55:43 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50241 from 204.11.51.34:80
Aug 2 20:55:44 [me] ipfw: Stealth Mode connection attempt to TCP [my ip]:50242 from 204.11.50.136:80
Aug 2 22:54:58 [me] ipfw: 20000 Deny ICMP:8.0 70.215.135.234 [my ip] in via ppp0