Penetration Testing mailing list archives

FW: TCP/IP skills

From: drbitbucket () comcast net
Date: Thu, 08 Jul 2004 17:48:51 +0000

I couldn't agree more.  Using the tools is one thing.  Knowing how they work is entirely another.  Having those core 
skills not only allows you to dig down, deep, and understand what really is happening, but it also allows you to choose 
which tools do a good job and improve upon them or find other tools if they don't give you what you want.  

Of course, knowing what you want is another of those skills that comes from a greater understanding of security as it 
applies to network traffic as well as operating system/service stimulus and responses.

Acquiring those skills don't come over night either, it takes a lot of work and time.  It is tempting to many to simply 
use the tools without getting to know the fundamentals.

Jon Repaci, GCIA, CISSP


-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com]
Sent: Tuesday, July 06, 2004 7:21 PM
To: pen-test () securityfocus com; vuln-dev () securityfocus com
Subject: TCP/IP skills


Hello all, I just wanted to comment on what I see as a rather alarming trend in 
the 
security industry today. More and more many are becoming reliant upon tools to 
do their 
job whilst they ignore core components of their skillset. Specifically in this 
case an 
in-depth knowledge of TCP/IP. 

Knowing TCP/IP at a granular level in my opinion is very much a core skill that 
must be 
attained by anyone who wishes to have a successful career in the network 
security 
industry today. One cannot become adept by simply using tools, and never knowing 
how to 
interpret the output by verifying the packets themselves. 

It constantly amazes me when I teach a TCP/IP Analysis course that people who 
are 
presently in the industy do not know of such basic TCP/IP concepts as the 3 way 
handshake and how ICMP works. That or being able to wholly dissect a packet and 
explain 
the relationships between various metrics. 

I would be curious to hear of your opinions on this?

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK
fax:613.233.1788
toll: 1-877-777-H8CK
--------------------------------------------

Current thread:

Re: TCP/IP skills, (continued)
- Re: TCP/IP skills Nigel Stepp (Jul 08)
- Re: TCP/IP skills Nelson Santos (Jul 08)
- RE: TCP/IP skills Naveed (Jul 08)
- Re: TCP/IP skills Mark W. Webb (Jul 08)
- Re: TCP/IP skills Vlad (Jul 08)
- Re: TCP/IP skills Jordan Cole (stilist) (Jul 08)
  - RE: TCP/IP skills Rocky Heckman (Jul 13)
  - Re: TCP/IP skills Chris Byrd (Jul 13)
- Re: TCP/IP skills vulnerable (Jul 13)
- RE: TCP/IP skills Dave Dyer (Jul 13)
- FW: TCP/IP skills drbitbucket (Jul 08)
- Re: TCP/IP skills captgoodnight (Jul 08)
  - Re: TCP/IP skills R. DuFresne (Jul 13)
- Re: TCP/IP skills Allan (Jul 08)
- re: TCP/IP skills Scott Schappert 6270, QA (Jul 08)
- Re: TCP/IP skills M. D. (Jul 09)
- RE: TCP/IP skills Vaccare, Anthony (Jul 13)
- RE: TCP/IP skills Strand, John (Jul 13)
- RE: TCP/IP skills Eric McCarty (Jul 13)
- Re: TCP/IP skills drbitbucket (Jul 13)
- RE: TCP/IP skills Parish Zachary Z AB 381 IS/SCSS (Jul 13)