TCP/IP Weapons School Will Rock
Are you attending TCP/IP Weapons School at USENIX Security 2006 In Vancouver on 31 July and 1 August 2006? If yes, these are the topics I will cover:
I am really excited by this class. If you read the class description posted at USENIX, you'll notice it goes through levels 1-7. After creating 312 slides for a two-day class, I realized I needed to stop with level 3. I originally envisioned this class being a four-day affair, and once I develop material for levels 4-7 I can see it being a new four-day class.
One of the reasons I think this class will be special is that I generated Libpcap traces of all of the interesting traffic discussed in the class. Students can load them into Wireshark and follow along as we learn what they mean.
Developing the class was absolutely grueling (well, not like digging a ditch), but still fun. I had never used Yersinia to fake a trunk line and get access to VLAN traffic on a Cisco switch, but it's in the class now.
The USENIX class description recommends students bring some version of VMware to class so they can run a VM I will provide. I will indeed provide a FreeBSD VM including all of the tools I used on FreeBSD. I'll probably also include a Debian VM for those tools that didn't run on FreeBSD. However, you will not be able to duplicate all of the attacks I ran while developing this class. VMware is nice, but it cannot simulate conditions in a real hardware lab, especially when mucking around with layer 2.
If you have any questions, please post them here.
I am probably going to offer this same two-day class at USENIX LISA on 3-4 December 2006 in Washington, DC. I am contemplating offering additional material independent of USENIX, perhaps before the conference (which runs 3-8 December) or after the conference. That means Saturday 2 December or Saturday 9 December. These would be paid events separate from USENIX. If you would have any interest in attending training while you are in town, email me (richard at taosecurity dot com) with your ideas.
- Hardware and Network Design
- Bridges
- Hubs
- Switches
- Routers
- Duplex and Domains
- Layer-X Switches
- Middleboxes
- Local Area Networks
- xANs, VPNs, and WLANs
- VLANs
- Layer 1
- What is Layer 1?
- Ethernet
- Raw Ethernet (Nemesis)
- UTP
- Ethernet over UTP
- Fiber Optics
- Ethernet over Fiber Optics
- Ethernet Emulation over FireWire
- IP over FireWire
- IP over Wireless
- Layer 1 Attack
- Rogue Access Point
- Layer 2
- What is Layer 2?
- Ethernet Revisited
- Revisiting What is Layer 2?
- Test Network Layout
- Packet Delivery on the LAN
- Ethernet Interfaces
- ARP Basics
- ARP Request/Reply
- ARP Cache
- Arping
- Arpdig
- Arpwatch
- Dynamic Trunking Protocol
- Layer 2 Attacks
- Test LAN Reference
- Changing MAC Addresses
- MAC Flooding (Macof)
- ARP Denial of Service (Arp-sk)
- Port Stealing (Ettercap)
- Layer 2 Man-In-The-Middle (Ettercap)
- Dynamic Trunking Protocol Attack (Yersinia)
- Layer 3
- What is Layer 3?
- Internet Protocol
- Raw IP (Nemesis)
- IP Options (Fragtest)
- IP Time-To-Live (Traceroute)
- Internet Control Message Protocol (Sing)
- ICMP Error Messages (Gnetcat)
- Layer 3 Attacks
- IP Spoofing
- Gont ICMP Attacks
- ICMP Shell
I am really excited by this class. If you read the class description posted at USENIX, you'll notice it goes through levels 1-7. After creating 312 slides for a two-day class, I realized I needed to stop with level 3. I originally envisioned this class being a four-day affair, and once I develop material for levels 4-7 I can see it being a new four-day class.
One of the reasons I think this class will be special is that I generated Libpcap traces of all of the interesting traffic discussed in the class. Students can load them into Wireshark and follow along as we learn what they mean.
Developing the class was absolutely grueling (well, not like digging a ditch), but still fun. I had never used Yersinia to fake a trunk line and get access to VLAN traffic on a Cisco switch, but it's in the class now.
The USENIX class description recommends students bring some version of VMware to class so they can run a VM I will provide. I will indeed provide a FreeBSD VM including all of the tools I used on FreeBSD. I'll probably also include a Debian VM for those tools that didn't run on FreeBSD. However, you will not be able to duplicate all of the attacks I ran while developing this class. VMware is nice, but it cannot simulate conditions in a real hardware lab, especially when mucking around with layer 2.
If you have any questions, please post them here.
I am probably going to offer this same two-day class at USENIX LISA on 3-4 December 2006 in Washington, DC. I am contemplating offering additional material independent of USENIX, perhaps before the conference (which runs 3-8 December) or after the conference. That means Saturday 2 December or Saturday 9 December. These would be paid events separate from USENIX. If you would have any interest in attending training while you are in town, email me (richard at taosecurity dot com) with your ideas.
Comments
I will start offering TCP/IP Weapons School as an independent course to private organizations. I will probably also organize a public class, maybe before the end of 2006 but probably in early 2007. I don't intend to teach TWS anywhere else, unless invited to do so.
-LonerVamp
If its the later, how about you teaching that somewhere down south, particuarly down in the SA/Austin area and invite your old buddy John to the class? I'd invite you, I just couldn't pay you :)