carnivore news

getting over dect

2010-07-30T20:31:59+02:00

I noticed my account balance for my voip provider to drop by ~10€ during the last 3 days, even though I did not make that much calls. So I had a look on the list of outgoing calls, which is stored by the provider. The list showed me lots of phone numbers I did not know.
Looking at the list of connected phones to my account, there were only the phones I used myself, a Grandstream GXP 2000 and a Siemens Gigaset C450 IP DECT phone. So it was rather obvious somebody else was connected to the base station of my C450 DECT phone, making calls on my costs.

If the laws would have permitted it, I might have setup tcpdump on the gate, capturing all traffic from and to the C450 base station.

I wanted this person to pay for his calls, so my first step was looking at the numbers he called, by comparing the numbers with numbers from my own phone book, this was really time consuming, and in the end he owned more than 95% of all calls.

I noticed a lengthy call to a number which was known by google, and associated with a sex toy shops telephone order service, and lots of calls to a single mobile number.

If the laws would have permitted it, I'd have copied the pcap file from the router to a desktop with wireshark installed, and using wiresharks great VoIP replay, the conversation could have revealed the unknown person using my base station ordered drugs for 30€, the drug dealer complained about the bad quality, where the unknown replied he was using a wifi-phone.

I tried to 'call myself', hoping his phone would ring too, so I could talk to him about his phone being connected to my base station, but nobody accepted the call. So, I decided to call the most often called number, using my mobile. This number turned out to be the unknowns girlfriend, who got really cooperative when I mentioned the police, she turned over her boyfriends address.

Some minutes after the call, the unknown tried to call me on my mobile, but he dialed the wrong number.

If the laws would have permitted it, I'd have listend to this call by using wireshark on the pcap. Somebody calling an unknown, telling a story about his girlfriend calling him, claiming she was called by an unknown who said somebody who called he was using his phone, while the called always said he did not know anything about 'phone' but could get his own girlfriend on the phone. It would have been a hilarious dialogue.

So, having his address, and the amount he owed me, I decided to give the unknown a visit.
He was expecting me, and even tipped me for my time spent on this.
The phone he used was a Fritz!Fon MT-F, which connected to my base station right after one turned it on.

After making sure there is no way to see the associated handsets on my C450 IP base station, I decided to get over DECT, turning the base station off.

This blog post was created on 2010-07-30 at 20:31 by Markus. It is tagged with dect.

python - getifaddrs

2010-07-22T01:21:18+02:00

For whatever reason python lacks a binding for getifaddrs. For dionaea I created the binding myself, but the code can not be used without dionaea, and I don't like having to install additional bindings to get some basic functionality.
Therefore, I decided to create the functionality provided by the dionaea getifaddrs binding using python ctypes, easy to install, no compiling, copy&paste does the trick.

The code works with python2/3, Linux works, Darwin/OSX may work, Windows? good question.

carnivore news

getting over dect

python - getifaddrs

git-daemon logfile processing

research.microsoft.com - MSS of 536 bytes

metasploitable

smb bugs

the story of 7867de...3e33e7

getting the file

Netware SMB Remote Stack Overflow

python3 - ctypes

ctypes

data visualisation - afterglow

dnsbl test

data visualisation

batteries included

debianization

xmpp - take #3

alix - random notes

hardware

alix installation - debian

alix - networking

alix - bind9 & dhcpdv3

xmpp - take #2