Featured Articles

Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
WordPress Multisite on the Darknet (Mercator .onion alias)
Hardening Guide for phpList
Introducing BusKill: A Kill Cord for your Laptop
previous arrow
next arrow

Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN--and one that connects to the Internet normally . When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet.

* Assuming your config doesn't leak DNS; see improvements section

Update 2017-08-25: Added "kill switch" firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN's vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the 'home' wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP--giving a false sense of privacy).

Update 2021-02-01: Fixed GitHub URL of cryptostorm's free OpenVPN configuration file Update 2021-02-14: Fixed GitHub URL of cryptostorm's paid OpenVPN configuration file

Update: I wrote this guide in 2017. It's intended for an audience that has
. . . → Read More: Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

Iterative MITM Packet Sniffer

So, I got into a discussion with a friend of mine in my Computer Security class at UCF about this script. I'm posting this for historical and educational purposes only. As always, I never condone the implementation of any of my content for malicious intent. Moreover, this script has flaws that * would make it useless in such a scenario. Don't do it!

Here's a script I hacked up last semester when I was playing with MITM attacks and packet eavesdropping with ettercap:. This scripts will automatically:

fake its MAC Address get a new IP Address collect a list of hosts on the same subnet as itself iterate through and ARP poison: each of these hosts one at a time for 5 minutes each save all data collected in host-specific files in a timestamped directory repeat until the hard drive is full Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Iterative MITM Packet Sniffer

Smooth Wall

I've wanted to setup a serious linux-based firewall for my home network for some time now, and I finally got around to it yesterday.

There are TON of linux router distros out there, but instead of spending 8 hours picking & choosing, comparing & contrasting, nitpicking & debating, I asked someone else ;). Two buddies of mine have a similar setup at their homes: one uses Smooth Wall; one uses IPCop. I arbitrarily chose Smooth Wall (after actually setting it up, though, I think IPCop would have been a better choice--c'est la vie.

The installation is supposed to be quite painless, and it was--for the most part. The documentation and install process was intuitive and easy to follow, but it didn't work OOTB. I probably only had so much difficulty because of hardware issues (fried NICs?) which is by no means Smooth Wall's fault. Nevertheless, it took ~5 hours of bang-your-head-against-the-table troubleshooting 'till I could finally unhook the monitor & keyboard, shove it in a corner, and get some sleep.

I was also disappointed with two things that didn't work as I had expected OOTB:

DHCP DNS VPN Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and
. . . → Read More: Smooth Wall