From: vulnerable (vulnerable@gmail.com)
Date: Thu Jul 08 2004 - 19:33:37 EDT
I'm more interested in what should be classified as 'in-depth
knowledge' of TCP/IP. You mentioned 3way handshake which seems as an
intermediate level at best.
IMO, advanced would be knowing what information belongs at what offset
in a particular packet or knowing that a certain hex value represents
a certain combination of flags. I myself have a hard time just
remembering that TCP is protocol 6.
But not to get sidetracked (long day, sorry) I think it's a given that
you should at the very least understand the functionality of TCP/IP.
Things such as three-way handshakes, TCP vs UDP, addresses, ports, NAT
etc. Without this foundation you're simply checking boxes in a program
over and over until you get the results you're hoping for.
And to be longwinded, a few people asked where to find tutorials or
books. To at least get a basic foundation I'd recommend looking at
material regarding the Cisco CCNA exam (a free one was recently
released as .doc by a professor), googling and following .edu links,
or picking up any security book; the majority of them tend to touch on
such things. Or if you're hardcore, pick up Stevens' book "TCP/IP
Illustrated, VOL 1".
On Tue, 6 Jul 2004 21:20:46 -0400 (EDT), Don Parker
<dparker@rigelksecurity.com> wrote:
> Hello all, I just wanted to comment on what I see as a rather alarming trend in the
> security industry today. More and more many are becoming reliant upon tools to do their
> job whilst they ignore core components of their skillset. Specifically in this case an
> in-depth knowledge of TCP/IP.
>
> Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be
> attained by anyone who wishes to have a successful career in the network security
> industry today. One cannot become adept by simply using tools, and never knowing how to
> interpret the output by verifying the packets themselves.
>
> It constantly amazes me when I teach a TCP/IP Analysis course that people who are
> presently in the industry do not know of such basic TCP/IP concepts as the 3 way
> handshake and how ICMP works. That or being able to wholly dissect a packet and explain
> the relationships between various metrics.
>
> I would be curious to hear of your opinions on this?
>
> Cheers,
>
> Don
>
> -------------------------------------------
> Don Parker, GCIA
> Intrusion Detection Specialist
> Rigel Kent Security & Advisory Services Inc
> www.rigelksecurity.com
> ph :613.233.HACK
> fax:613.233.1788
> toll: 1-877-777-H8CK
> --------------------------------------------
>
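
The kind of packet dissection this thread discusses (which field sits at which offset, which hex value is which flag combination, TCP being IP protocol 6), as an added example that is not part of either poster's message. The sample packet, its addresses and the function names are constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the TCP header, lowest bit first.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def decode_flags(value):
    """Return the flag names set in a TCP flags byte, e.g. 0x12 -> SYN, ACK."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def dissect(packet):
    """Dissect a raw IPv4 packet carrying TCP by reading fixed header offsets."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version = packet[0] >> 4               # IP offset 0, high nibble
    ihl = (packet[0] & 0x0F) * 4           # IP offset 0, low nibble, in bytes
    if version != 4 or ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("not IPv4, or truncated before the TCP header")
    proto = packet[9]                      # IP offset 9: protocol number
    if proto != 6:
        raise ValueError("IP protocol %d is not TCP (6)" % proto)
    src = ".".join(str(b) for b in packet[12:16])   # IP offsets 12-15
    dst = ".".join(str(b) for b in packet[16:20])   # IP offsets 16-19
    tcp = packet[ihl:]     # TCP begins after IHL bytes, which is not always 20
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "seq": seq, "ack": ack,
            "data_offset": (tcp[12] >> 4) * 4,      # TCP offset 12
            "flags": decode_flags(tcp[13])}         # TCP offset 13

# Constructed sample: a SYN/ACK (second step of the three-way handshake) from
# 192.0.2.10:80 to 192.0.2.20:49152. Checksums are left as zero.
SAMPLE = bytes.fromhex(
    "45000028" "00004000" "40060000" "c000020a" "c0000214"   # IPv4 header
    "0050c000" "00000064" "000003e9" "50122000" "00000000"   # TCP header
)

if __name__ == "__main__":
    for field, value in dissect(SAMPLE).items():
        print("%-12s %s" % (field, value))
```
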