Suppose I have a number of computers connected to my local LAN. All of them are running Linux and have their hard disks encrypted with LUKS and pre-boot authentication. Every password is a strong password. The computers are all online.
Is there a script or some program that causes all computers to power off whenever one of the computers signals an alert?
I was thinking about an alert system that does something like this:
- All computers have full disk encryption.
- There is a local area network. Only one computer on that network is a server, the rest are clients.
- The server makes its presence known somehow (via socket broadcasts?)
- The clients are listening for the presence of a server, but are deactivated by default
- Once a client computer is connected to a LAN and detects a server, the client is activated
- Upon activation the client connects to the server and keeps an open connection
- If the connection is lost at any point, the client powers off
- Any client can send an alert to the server, who then broadcasts the alert to all other clients
- Any client that receives an alert from server powers off.
- Once a server is done sending alerts it powers itself off.
Obviously you'd have to be running scripts/programs on every server/client for this to work. I'm asking whether there is an existing solution, else I'll have to code it myself. I think I've heard about a python script that does something similar, but I can't recall its name...
Not sure what you're trying to defend against but it looks like a kind of a dead man's switch. I'd change a few things though: all connected machines are equal. If a network connection is lost, the machine retries to restore connection n times and then shuts down all user land applications in use and kills all user logins. Then the machine retries another n times, then umounts its LUKS partitions and shuts down. Any machine can send an alert to any other machine and any machine receiving an alert sends it to all other machines. For polling use something-innocuous-over-TCP like a misconfigured AVAHI or CUPS printer service or maybe only send a deliberately non-conforming ARP payload on alert that Arphound or Arpwatch should filter for? As for actively accessing and shutting down machines quickly over the network see the sysrq daemon and tcpconsole.
*I'm going to move this thread to the Networking forum as it's not about security but since it would be OK in Programming as well please use the "Report" button on your initial post if you'd rather move it there, OK?
Nah, it's ok. I'm just experimenting with computer security in my free time.
Thanks for the tips. The initial idea was to have a server present on the network. Why? Well perhaps you don't want your computers i.e. laptops to be communicating with each other and powering off on all networks that they get connected to. For example only my HOME network is supposed to feature this alert system, but not the corporate network at work. I'd put the server on a Raspberry Pi and hide it inside a lockbox somewhere in the basement. In your case... for every machine to be able to communicate with every other they'd need to keep a list of active clients. This is definitely a better and more secure approach than using a client/server setup, but let's also consider the possibility of spammers i.e. we don't want any random user on the network to be able to send alerts... Some machines will have to be authed to the server to send alerts, but all clients could receive them.
Hmm. Still not sure what you're trying to defend against but OK. The idea of making all machines equal is to avoid a single server representing a single point of failure, it would add some randomization to polling intervals and allow for an overlap in coverage. Unless you have trouble in your LAN with say intelligent adaptive BYOD it wouldn't matter because foreign or not configured devices wouldn't have the right tools loaded to send the correct ARP payload or use the CUPS fake printer status URI... And while authentication and such would be nice to have it also increases complexity and that somehow goes against the purpose. (That is, if alerts are some sort of deal-with-it-right-now-or-die emergency...)
I see. In theory, by allowing all clients to send random alerts, the network would be exploitable (regardless whether the clients have tools or not, young kids have the urge to play with stuff) which is something I have a habit of avoiding. Not to mention having clients communicate with each other would expose a lot of information about them. Personally I'd be okay with running this on my own network, but I'm not ruling out the possibility of having other people using the application on their networks in the future. How exactly does the server represent a single point of failure? If the server fails then all clients lose connection with it and poweroff, which is the desired fail-secure mechanism.
EDIT:
Quote:
Originally Posted by unSpawn
Hmm. Still not sure what you're trying to defend against but OK.
(..) by allowing all clients to send random alerts, the network would be exploitable (..)
You haven't even begun to spec your stuff and you want to talk about what's exploitable?..
Quote:
Originally Posted by displace
(..) having clients communicate with each other would expose a lot of information about them.
Sweet Deities, "a lot"? Like what exactly?
Quote:
Originally Posted by displace
How exactly does the server represent a single point of failure? If the server fails then all clients lose connection with it and poweroff, which is the desired fail-secure mechanism.
Because it's that: just a single server.
To treat all loss of connectivity as equal is funny.
Real funny.
You haven't even begun to spec your stuff and you want to talk about what's exploitable?..
... not sure we're on the same page here. I'm merely exploring the possibilities, and I anticipate that with your setup any computer running the software (or some tool that mimics it) will be able to send an alert and poweroff all available computers. I'd call this an exploit, wouldn't you? To avoid this we'd want to have some sort of authentication here so that only trusted computers can signal events. I'm always assuming the possibility that Bob and Alice aren't the only people on the LAN, there's also Mallory. I trust I don't have to explain who Mallory is.
Quote:
Originally Posted by unSpawn
Sweet Deities, "a lot"? Like what exactly?
Let's see...
- Number of active clients on the LAN that use the software
- Possibly their fingerprints (if the software sends ID strings)
- Which client triggered an alert (this should remain secret)
- Track client activity through time
- Detect whenever a client stops responding, but is still present on the network - this indicates the client has disabled the software.
- etc.
Quote:
Originally Posted by unSpawn
Because it's that: just a single server.
To treat all loss of connectivity as equal is funny.
Real funny.
But how is the server going to fail??? An attacker cannot replicate the server without proper credentials because clients aren't going to accept it. He can't redirect, intercept or MITM the traffic because it's TLS-encrypted. If he manages to disrupt the server, all clients detect it and poweroff - attacker loses all hope of getting the data from clients on this occasion. Perhaps the software can be modded to support a network of multiple servers. But there has to be a way to tag a LAN and send a signal to all clients that the network supports this kind of alert system. How can we do that without a server? How do we limit the clients to activate the defense only on certain networks?
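The two ideas debated in this thread, authenticated alerts and staged reaction to lost heartbeats, sketched as an added example that is not code from any poster or existing tool. The message format, the HMAC-SHA256 pre-shared keys, the 30-second window and the names `sign`, `Watchdog` and the action strings are all assumptions; the class returns an action name instead of powering anything off.

```python
import hashlib
import hmac
import json

FRESHNESS_S = 30  # assumed acceptance window for message timestamps (seconds)

def sign(key: bytes, kind: str, sender: str, ts: float, nonce: str) -> bytes:
    """Serialize a message and append its HMAC-SHA256 tag (hex) after a '.'."""
    body = json.dumps({"kind": kind, "sender": sender, "ts": ts, "nonce": nonce},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

class Watchdog:
    """Hypothetical per-node decision logic; returns an action name only."""

    def __init__(self, keys: dict, n: int):
        self.keys = keys      # sender id -> pre-shared key (bytes)
        self.n = n            # missed heartbeats before each escalation step
        self.missed = 0
        self.seen = set()     # accepted (sender, nonce) pairs; prune in real use

    def on_message(self, raw: bytes, now: float) -> str:
        body, _, tag = raw.rpartition(b".")
        try:
            msg = json.loads(body)
            key = self.keys[msg["sender"]]
            ts, nonce, kind = float(msg["ts"]), str(msg["nonce"]), msg["kind"]
        except (ValueError, KeyError, TypeError):
            return "ignore"                    # malformed or unknown sender
        good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(good, tag):
            return "ignore"                    # forged or corrupted
        if not (abs(now - ts) <= FRESHNESS_S) or (msg["sender"], nonce) in self.seen:
            return "ignore"                    # stale or replayed
        self.seen.add((msg["sender"], nonce))
        if kind == "alert":
            return "shutdown"
        if kind != "heartbeat":
            return "ignore"
        self.missed = 0                        # authenticated heartbeat resets count
        return "ok"

    def on_missed_heartbeat(self) -> str:
        self.missed += 1
        if self.missed >= 2 * self.n:
            return "shutdown"                  # second stage: unmount and power off
        return "lock_sessions" if self.missed >= self.n else "retry"
```

Because verification uses the same key as signing, any node able to verify an alert can also forge one. Restricting who may send while letting every client receive needs asymmetric signatures, or a relay that alone holds the senders' keys.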