Deploying Smooth-Sec 1.3 as a Bridge

The following are the steps I took to deploy Suricata + Snorby via Phillip Bailey’s Smooth-Sec.

My hardware

Intel DBS1200KP Mini ITX Server Motherboard LGA 1155 Intel C206
Intel Core i3-2120 Sandy Bridge 3.3GHz LGA 1155 65W Dual-Core
ADATA AXDU1333GW8G9-2G 16GB (2 x 8GB) 240-Pin DDR3 SDRAM
Mushkin MKNSSDCR60GB-DX 2.5″ 60GB SATA III Synchronous MLC SSD
Intel EXPI9402PT PRO/1000 PT Dual Port Server Adapter 10/ 100/ 1000Mbps

  • I use eth0 for management with a LAN address, and eth1 and eth2 are bridged.
  • eth1 is connected directly to a modem (to my ISP) and eth2 is connected to a Linux server (Anon).
  • Anon’s NIC is set for Link-Local which is in use by a Linux server virtual machine (Wiki-VM) which is bridged to Anon’s NIC.
  • Wiki-VM is using a public/static IP.

1. Edit Smooth-Sec’s network interfaces:

# vim /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
# address, netmask and gateway lines for the LAN management address are not shown in the post

auto br0
iface br0 inet loopback
# no IP address on the bridge; it only forwards traffic between eth1 and eth2
# bridge_ports requires the bridge-utils package
bridge_ports eth1 eth2

2. Restart networking:

# /etc/init.d/networking restart

3. Edit the Suricata config:

# vim /etc/suricata/suricata.yaml

4. Replace all instances of “eth0” with “br0”

5. Edit the Suricata start-up script:

# vim /etc/init.d/suricata

6. Again, replace all instances of “eth0” with “br0”

7. Restart Suricata:

# /etc/init.d/suricata restart

8. Drink tasty beverage
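The following script is an added example, not part of the original post: it automates steps 3 through 6 (rebinding Suricata from eth0 to br0) and adds a check that br0 has actually enslaved eth1 and eth2 before Suricata is restarted. The file paths are the Smooth-Sec ones named above; SYSFS_ROOT is a hypothetical override so the bridge check can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example (not from the original post): rebind Suricata from eth0 to br0
# and verify the bridge ports before restarting. Run as root: sh rebind.sh apply
set -eu

# Hypothetical override of the sysfs root, so the check can be tested offline.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Replace every instance of $2 (default eth0) with $3 (default br0) in file $1,
# keeping a .bak copy. Prints how many references to the old name remain
# (0 on success) so the caller can verify that the edit took.
rebind_iface() {
    file="$1"; old="${2:-eth0}"; new="${3:-br0}"
    cp "$file" "$file.bak"
    sed "s/${old}/${new}/g" "$file.bak" > "$file"
    grep -c "$old" "$file" || true
}

# Return 0 only if bridge $1 has enslaved every port given as further arguments.
# The kernel exposes enslaved ports as /sys/class/net/<bridge>/brif/<port>.
bridge_has_ports() {
    br="$1"; shift
    for port in "$@"; do
        [ -e "$SYSFS_ROOT/class/net/$br/brif/$port" ] || return 1
    done
    return 0
}

# Steps 3-7 of the post, with the bridge sanity check in front.
main() {
    bridge_has_ports br0 eth1 eth2 || {
        echo "br0 is missing eth1/eth2; fix /etc/network/interfaces first" >&2
        exit 1
    }
    for f in /etc/suricata/suricata.yaml /etc/init.d/suricata; do
        left=$(rebind_iface "$f" eth0 br0)
        echo "$f: $left eth0 reference(s) left"
    done
    /etc/init.d/suricata restart
}

# Only apply when explicitly asked, so the functions can be sourced elsewhere.
case "${1:-}" in apply) main ;; esac
```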

Which Side Are You On

Re: article: Lines in the Sand: Which Side Are You On in the Hack

I think that ‘Us-vs-Them’ reasoning is really common in hackers’ online and offline publications. There are a lot of big ideas and vague expectations, so I hope it’s not too hard to choose something to be skeptical about in this article.

A lot has come out in the media this past year about how _all_ (not just the select few who make the news) of US congress is subject to financial corruption– Lessig and This American Life go into detail. Anonymous has gone after law enforcement (LE) and when they do, I can’t help but feel their motivations are misplaced. When LE perform anti-constitutional acts (spying, protestor abuse, etc), to me, they are mostly a symptom of a very complex problem. Why is this issue reduced to “Hackers” vs. “.Gov and .Mil”? It’s way too simplistic for my liking.

Jacob Appelbaum often makes fun of LE by saying things like, “99% of them make the rest look bad.” Retrospectively, why wouldn’t society (not just egocentric hackers) want more socially-sensitive, honest, and intelligent people working for publicly funded institutions? Intellectual challenges exist in many forms and even more that are unformed. Anyone can log on and become Anonymous. It would not surprise me at all if LE agents, on the side, help hack dictator regimes in foreign countries for the lulz and the obvious morally valid execution of activism. I don’t know everything that the author of this particular article is thinking, or if s/he has ever been in a real fight, but usually, attacking someone doesn’t change their mind about the root issues. And with all due respect, changing the mind of your adversary is the objective here (think: making a friend of your enemy as many great martial artists would teach), even if it’s more complex, more difficult to understand, and harder to change.

Symptoms of Disinformation in News Media

For the purpose of this article, I define the following:

  • Information is data being actively perceived by one or many biological, sensing entities, with the preexisting condition of expecting a change in their state of knowledge when information is consumed.
  • Knowledge is stored, networked information if and only if one person does both the perceiving and integration management of information into preexisting information networks. Knowledge is not (yet) information stored on external storage devices (including books, hard disk drives, or articles found via the Internet).
  • Misinformation and Disinformation can be many things, including part information and part false information. Because of the nature of “half truths”, information being consumed–with the expectation that it is only informative or could be partially misinformative– can separate you from existing facts and future facts regardless of its intended purpose or expected outcome.

A look at not-information

mis-
“Anglo-Saxon: bad, harsh, wrong”

dis-, di-, dif-
“Latin: separation, apart, asunder; removal, away, from; negation, deprivation, undoing, reversal, utterly, completely; in different directions”

“Misinformation” is said to be “false information” and “disinformation” is said to be “intentionally false information”. The preexisting condition and expectation that information is likely truthful or factual will affect the processing and post-processing of content. Misinformation and disinformation are anti-helpful when your goal as an information consumer is to add to or change your knowledge; they both remove you from being closer to facts, both immediately and during future events of like-information consumption.

Even if you flip the roles and become an information producer who needs to identify misinformation, if your objective is to share information then you need tools that identify not-information.

misinformation = disinformation = not-information = false information

Regardless of the intent of attempted information or false information sharing, an information consumer will be misinformed by its consumption–partially or wholly separated from truth or fact. Providing misinformation persuades an information consumer to move away from an expectation of complete information.

Half-truths: “Making statements that are true only in a strict and relatively meaningless sense.”

On digital mediums such as cell phones and Twitter, or even submitting a status update on a social network, space can be a commodity. The same is true for things like news article titles or email subject lines. Condensation of information can lead to more goal-oriented processing–processing that takes place at a higher level of cognition because of its obvious importance to attracting the expected information consumer.

  • What is it that you want to say?
  • What is it that you want them to think?
  • What are you trying to convince them of?
  • Who is your expected audience?
  • Why is this important?

These are all things that social engineers think about. Even the four year old who doesn’t want to go to bed. In the context of social-engineering, there is a multidimensional spectrum of intent. Some might be good and some might be bad, and it largely depends on the stakeholders and consequences. But the end result of consuming formed content, with the goal of becoming informed, is that you will become reformed to some degree. If an information consumer’s reformation is swayed away from an expectation of complete information, and s/he is unaware that a news article title is dramatic, absolute, or sensational so that s/he can auto-correct their perception, the information consumer will become misinformed.

misinformation = disinformation = not-information = false information = half-truths

When you frame the presumed primary information of a news article with a formed title and that title is partially or wholly a half-truth, it is misinformative.

Article titles, information classification analysis, and not-information identification ***

Identifying the primary information in a news article is relative to a couple of different things.

  1. To the information producer, the primary information should be the main topic of the article, and it should be firmly represented in the title of the article.
  2. However, the primary information, however important for connecting types of information to an information consumer’s knowledge, may be secondary to the information producer if s/he is purposefully sharing secondary, meta, operational, or derivative information in a manner that is more than complementary to said primary information.
  3. To the information consumer, the primary information will likely be the main topic of the article, which an information consumer should identify with when s/he reads the title of an article.
  4. However, the information consumer may not be reading a news article solely for the primary information. S/he may be specifically looking for secondary, meta, operational, or derivative information in support of related or unrelated primary information.

In the case of #2 or #4, for the purpose of understanding the relationships between information classifications, the notion of primary information can be hybrid-information. A few examples include:

  1. Primary-secondary: Secondary information (the lack of information in an information source) that reinforces a notion directly related to primary information.
  2. Primary-meta: Meta information in support of primary information.
  3. Secondary-derivative: Derivative information in support of secondary information.

In any of these above cases, an information producer’s or consumer’s objective may be concentrated on supportive information. It is often the case that with condensed information sharing, hybrid information is used in order to further persuade a possible information consumer into becoming a consumer of a producer’s information.

A news article title: “Hacktivists no longer anonymous” [source] [Google cache]

This information content is composed of several classifications of inferred information:

  1. Primary: the notion of a hacktivist
  2. Primary: the notion of anonymity
  3. Meta: someone must not like what all hacktivists were doing in the past
  4. Operational: the notion of a group of people no longer being something; a state change
  5. Primary-meta: some entity has affected every hacktivist to an extreme degree
  6. Primary-operational: all hacktivists are no longer able to do something that they once used to
  7. Secondary-derivative: many activists I know can still be anonymous online
  8. etcetera

The goal here is to be as specific as possible, so oftentimes something that may seem like secondary information or derivative information may be secondary and derivative in certain circumstances. You may be able to infer your own information classifications here, and that’s the point– information consumers have partial control over how their information is consumed. However, the producer clearly has the first move– not, necessarily, the upper hand.

If the title had been: “Hacktivists presuming to be anonymous are getting caught”, it obviously would have been closer to the presumed state and expectation of complete information. It might have been a more attractive title to onlookers. Qualitatively classifying the information types for the article title that wasn’t used would also result in clearly different outcomes, thus leading people to different consequences. These consequences would affect both present and future information consumption and processing activities, like immediately going into the content and adapting, or later reading similar articles and adapting.

Juxtaposed with information available online the same day as the above published article, #7, my identified secondary-derivative information, would suggest that the article title is not 100% true, and thus misinformation, because it implies a movement away from truth or fact, and an unknowing information consumer might completely or relatively align their thought processes with the information classification definitions #1 – #6. As I will explain below, it actually appears to be disinformation, because it was purposefully framed.

Absolute and permanent state change for an entire group of people is likely misinformation.

Information entropy, news titles, and disinformation

Information entropy, for the purpose of this article, is a qualitative measurement of the state of information juxtaposed to the state of similar information in the same information source. Basically, if a news article title, which is expected to be in alignment with the content of the article, differs from that content, it should be an alarm that the information producer may be providing disinformation.

Take, for instance, this excerpt from the above article:

Whether Anonymous can remain anonymous in the face of increased surveillance remains to be seen, however. Over the last year the group has had its share of setbacks, with arrests taking place around the world, in part thanks to traitors in their midst.

Juxtaposed with “hacktivists no longer anonymous” and the information classification analysis performed above, this quote does not jibe with the title, which means the author(s) are knowingly putting half-truths into a headline–a misrepresentation of the primary information–and thus disinformative.

Why is this relevant?

Scenario #1

I, an information consumer, possess or have access to secondary-derivative information that disproves an absolute. I now distrust the information producer. Not just for this article but for anything else their name is tied to. The single most obvious repercussion that an information producer needs to understand: I might not want to renew my subscription to a news source that you work for now or in the future.

Scenario #2

You, an information consumer, might not have read a single article about, or have any experience with, a hacktivist or someone who would want to remain anonymous online. If this is the only information that is strewn to construct your knowledge, your future ability to correctly analyze and process information concerning this topic is now diminished. “People remember most what they learn first and last in a given session,” [source] and news article titles are a critical piece of information consumerism.

~ ~ ~

Information consumers should be critical of all forms of presumed misinformation. Maintaining information quality assurance should not only be the responsibility of the information producer, as information feedback loops will help the journalism profession as a whole.

*** Adapting Dr. Floridi’s information classifications:

  • Primary – The principal information
  • Secondary – The absence of primary information
  • Meta – The indications about the nature of non-meta information
  • Operational – The “[information] regarding the operations of the whole [information] system and the system’s performance”
  • Derivative – “The information that can be extracted from some information whenever the latter are used as indirect sources in search of patterns, clues, or inferential evidence about other things than those directly addressed by the information themselves, for example for comparative and quantitative analysis.”

Dummy Barrier concept

I plan on starting a new company to re-create what is called a “dummy barrier” from Ghost in the Shell. I expect it to be composed of two computers, one part firewall with pfSense, and the second part being Security Onion for an intrusion detection system complete with network security monitoring interfaces.

Update: I tried out Smooth-Sec on a mITX platform:

Update: the YouTube video showing the 3d print rendering of the concept:

Update: I went ahead and registered Sagawa, LLC. 🙂