Penetration Testing mailing list archives
RE: TCP/IP skills
From: "Eric McCarty" <eric () lawmpd com>
Date: Thu, 8 Jul 2004 14:34:55 -0700
Ok, I'll play Devil's Advocate on this one. Do you really need to know how TCP/IP works? Lets be honest here, Server A starts rebooting with lsass errors, hit up google and there you go. A mysterious FTP Server appears showing a banner of "This Distro br0ught 2 u by ___", do u need to know TCP/IP to fix/mitigate this issue?. Diagnosing a problem? the ICMP tools suite used to be the tools of the trade but with so many routers/firewalls dropping ICMP now its hard to call it a reliable diagnosis tool. How many websites won't respond to a ping but will fire up in mozilla just fine?. A lot of Info Sec or IT People don't know about SYN's, ACK's, FIN's, RSET's or even what packets are, why?, because they don't need to know to accomplish their job. So is it that there is lack of education as a downfall of IT Laziness or due to technological advancements in tools making this education unnecessary for so called Info Sec Pro's?. To put this into perspective, do you need to know about Stoichometric Ratios to change spark plugs?, nope. Do you need to know how electricity works to operate a power drill?, nope. If I'm off base let me know, and as I don my flame suit I will say that you will never find me without a book nearby and I believe firmly in education, IT or otherwise. Eric McCarty -----Original Message----- From: Don Parker [mailto:dparker () rigelksecurity com] Sent: Tuesday, July 06, 2004 6:21 PM To: pen-test () securityfocus com; vuln-dev () securityfocus com Subject: TCP/IP skills Hello all, I just wanted to comment on what I see as a rather alarming trend in the security industry today. More and more many are becoming reliant upon tools to do their job whilst they ignore core components of their skillset. Specifically in this case an in-depth knowledge of TCP/IP. Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be attained by anyone who wishes to have a successful career in the network security industry today. One cannot become adept by simply using tools, and never knowing how to interpret the output by verifying the packets themselves. It constantly amazes me when I teach a TCP/IP Analysis course that people who are presently in the industy do not know of such basic TCP/IP concepts as the 3 way handshake and how ICMP works. That or being able to wholly dissect a packet and explain the relationships between various metrics. I would be curious to hear of your opinions on this? Cheers, Don ------------------------------------------- Don Parker, GCIA Intrusion Detection Specialist Rigel Kent Security & Advisory Services Inc www.rigelksecurity.com ph :613.233.HACK fax:613.233.1788 toll: 1-877-777-H8CK --------------------------------------------
Current thread:
- Re: TCP/IP skills, (continued)
- Re: TCP/IP skills vulnerable (Jul 13)
- RE: TCP/IP skills Dave Dyer (Jul 13)
- FW: TCP/IP skills drbitbucket (Jul 08)
- Re: TCP/IP skills captgoodnight (Jul 08)
- Re: TCP/IP skills R. DuFresne (Jul 13)
- Re: TCP/IP skills Allan (Jul 08)
- re: TCP/IP skills Scott Schappert 6270, QA (Jul 08)
- Re: TCP/IP skills M. D. (Jul 09)
- RE: TCP/IP skills Vaccare, Anthony (Jul 13)
- RE: TCP/IP skills Strand, John (Jul 13)
- RE: TCP/IP skills Eric McCarty (Jul 13)
- Re: TCP/IP skills drbitbucket (Jul 13)
- RE: TCP/IP skills Parish Zachary Z AB 381 IS/SCSS (Jul 13)