Penetration Testing mailing list archives

Re: TCP/IP skills


From: <captgoodnight () acsalaska net>
Date: Wed, 07 Jul 2004 17:40:00 -0800



----- Original Message -----
From: Don Parker <dparker () rigelksecurity com>
Date: Tuesday, July 6, 2004 5:20 pm
Subject: TCP/IP skills

Hello all, I just wanted to comment on what I see as a rather alarming trend in the security industry today. More and more many are becoming reliant upon tools to do their job whilst they ignore core components of their skillset. Specifically in this case an in-depth knowledge of TCP/IP.

Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be attained by anyone who wishes to have a successful career in the network security industry today. One cannot become adept by simply using tools, and never knowing how to interpret the output by verifying the packets themselves.

It constantly amazes me when I teach a TCP/IP Analysis course that people who are presently in the industry do not know of such basic TCP/IP concepts as the 3 way handshake and how ICMP works. That or being able to wholly dissect a packet and explain the relationships between various metrics.

I would be curious to hear of your opinions on this?


I totally agree! The more I speak to other security "professionals" the more I see that most have not a clue in regards to packet crafting/dissecting/ISO/OSI model. It's kinda sad, but it seems, most are geared to the application and not the foundation of things.


Not to start an OS war, but I must admit, my fellow linux security penguins seem to know more about the depth of security than do my only MS friends. This kinda pushes me in the direction of thought that since linux guruship is so deep into the kernel/coding realm, that it's simply natural for my penguin friends to dive into the deep. Where perhaps since MS for the most part is so "USER/GUI" minded, that it's kinda a challenge to find the motivation or desire if you will, to really dig into what our fingertips can touch. I swear I'm not trying to start an OS debate, I'm just speaking for what my eyes and ears witness. To sum it up from my perspective, *nix is for the scientist, MS, APPLE is for the USER. Please know, I do know a few MS gurus that know a hell of a lot more than me, but know, they use linux/unix too and have been in the field since the days of blue boxes ;)

And if you're a MS only security guru, who knows the deep, I bow to you; there truly are only a few.

peace,
cg

