Ready to Start Your Career?

LAN Turtles and Hardware-Based Network Reconnaissance

Tatianna 's profile image

By: Tatianna

December 4, 2018

There are a countless number of ways to monitor a network, and often times this means gathering target information and using software to perform reconnaissance. The software is used in acquiring a host target within an organization, extracting information from these devices, and parsing or interpreting the information. Using these programs requires certain operating systems and specialized knowledge that often takes time and training to learn how to use. Sometimes it may not be worth the time and effort required to learn and deploy open-source software solutions in the contexts of very specific tasks. While open-source network reconnaissance solutions are versatile and free to use, sometimes a paid hardware device is the best way to go. One such hardware device for network reconnaissance is known as a LAN turtle. You may have already learned about phone taps or hardware keyloggers, and LAN turtles operate in a very similar manner. The phone tap “listens” to communications on a telephone and records conversations to tape or outputs live audio to a third-party. The hardware keylogger “listens” to the signals sent by closing a keyboard switch to keep an exact log of everything the user types. In this way, the LAN turtle listens to network traffic between the target computer and the network. The LAN turtle is disguised as a typical USB-to-Ethernet adapter for desktop computers, but some clever maneuvering in the right context could make them useful for more portable devices like laptops. This tool is ideal for institutional settings where there are many desktop computers and little concern for checking such devices. Even trained IT professionals may have little concern for LAN turtles or be completely unaware of their existence.Some modern LAN turtle devices have network cards built into them that allow remote connections as soon as they are connected to a network. This means a LAN turtle can be used to physically bypass firewalls, create an unauthorized VPN endpoint, and instantly gain remote access to a device with a reverse shell. These devices see their greatest usefulness when attackers have physical access to a device and want to compromise it without opening a shell or taking the time to use computer software. Theoretically, LAN turtles could be installed covertly and successfully without any experience in cybersecurity software or network administration. Of course, understanding the software required to make use of a deployed LAN turtle does require a good deal of command-line and networking knowledge.[clear]
Schedule Demo