oh and lastly to understand a bit more about why you don't need to be an
ultrasmart blackhat:
even USB keyboards are dangerous and lots of things can pretend to be usb
https://www.youtube.com/watch?v=00A36VABIA4
and postscript:
for a usb firewall, so to speak, https://wiki.wireshark.org/CaptureSetup/USB
Can probably get it done with usbmon and libpcap. Could get a poc in scapy
Probably iptables can be reused
Prevent both rubber duckies and packet injection attacks against bluetooth
mice that are seen as keyboards
On Wed, Jan 24, 2018 at 4:40 PM, Charlie Eddy <charlie.eddy@occipital.com>
wrote:
> Hi stefan,
> i asked this a bit ago (or similar)
> 1. https://usbguard.github.io/
> 2. you can just disable USB ports or controller in BIOS, but that's not
> exciting at all.
> 3. this diff, which one person used once:
>
> Index: sys/dev/usb/uhub.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/usb/uhub.c,v
> retrieving revision 1.89
> diff -u -p -u -r1.89 uhub.c
> --- sys/dev/usb/uhub.c 2 Sep 2016 09:14:59 -0000 1.89
> +++ sys/dev/usb/uhub.c 1 Jan 2017 22:52:53 -0000
> @@ -55,6 +55,9 @@
> #define DEVNAME(sc) ((sc)->sc_dev.dv_xname)
> +/* controls enabling/disabling of USB bus probing */
> +int busprobe = 1;
> +
> struct uhub_softc {
> struct device sc_dev; /* base device */
> struct usbd_device *sc_hub; /* USB device */
> @@ -439,6 +442,9 @@ uhub_explore(struct usbd_device *dev)
> usbd_clear_port_feature(sc->sc_hub, port,
> UHF_C_PORT_LINK_STATE);
> }
> +
> + if (!busprobe)
> + return (0);
> /* Recursive explore. */
> if (up->device != NULL && up->device->hub != NULL)
> Index: sys/dev/usb/usb.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/usb/usb.c,v
> retrieving revision 1.111
> diff -u -p -u -r1.111 usb.c
> --- sys/dev/usb/usb.c 18 May 2016 18:28:58 -0000 1.111
> +++ sys/dev/usb/usb.c 1 Jan 2017 22:52:53 -0000
> @@ -87,6 +87,8 @@ int usb_noexplore = 0;
> #define DPRINTFN(n,x)
>
No comments:
Post a Comment