RE: TCP/IP skills

From: Eric McCarty (eric_at_lawmpd.com)
Date: 07/08/04

Date: Thu, 8 Jul 2004 14:34:55 -0700
To: "Don Parker" <dparker@rigelksecurity.com>, <pen-test@securityfocus.com>, <vuln-dev@securityfocus.com>

    Ok, I'll play Devil's Advocate on this one. Do you really need to know how TCP/IP works? Let's be honest here: Server A starts rebooting with lsass errors, hit up Google and there you go. A mysterious FTP server appears showing a banner of "This Distro br0ught 2 u by ___"; do you need to know TCP/IP to fix/mitigate this issue? Diagnosing a problem? The ICMP tool suite used to be the tools of the trade, but with so many routers/firewalls dropping ICMP now, it's hard to call it a reliable diagnosis tool. How many websites won't respond to a ping but will fire up in Mozilla just fine?

    A lot of Info Sec or IT people don't know about SYNs, ACKs, FINs, RSTs or even what packets are. Why? Because they don't need to know to accomplish their job. So is the lack of education a downfall of IT laziness, or is it due to technological advancements in tools making this education unnecessary for so-called Info Sec Pros?

    To put this into perspective: do you need to know about stoichiometric ratios to change spark plugs? Nope. Do you need to know how electricity works to operate a power drill? Nope.

    If I'm off base let me know, and as I don my flame suit I will say that you will never find me without a book nearby and I believe firmly in education, IT or otherwise.

    Eric McCarty

    -----Original Message-----
    From: Don Parker [mailto:dparker@rigelksecurity.com]
    Sent: Tuesday, July 06, 2004 6:21 PM
    To: pen-test@securityfocus.com; vuln-dev@securityfocus.com
    Subject: TCP/IP skills

    Hello all, I just wanted to comment on what I see as a rather alarming trend in the
    security industry today. More and more people are becoming reliant upon tools to do their
    job whilst they ignore core components of their skillset. Specifically in this case an
    in-depth knowledge of TCP/IP.

    Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be
    attained by anyone who wishes to have a successful career in the network security
    industry today. One cannot become adept by simply using tools, and never knowing how to
    interpret the output by verifying the packets themselves.

    It constantly amazes me when I teach a TCP/IP Analysis course that people who are
    presently in the industry do not know such basic TCP/IP concepts as the 3-way
    handshake and how ICMP works. That, or being able to wholly dissect a packet and explain
    the relationships between various metrics.

    I would be curious to hear your opinions on this.

    Cheers,

    Don

    -------------------------------------------
    Don Parker, GCIA
    Intrusion Detection Specialist
    Rigel Kent Security & Advisory Services Inc
    www.rigelksecurity.com
    ph :613.233.HACK
    fax:613.233.1788
    toll: 1-877-777-H8CK
    --------------------------------------------
