Free Wireshark Training Course Online

Take a free Wireshark Jumpstart training class online at http://www.chappellseminars.com/.


Wednesday, November 12, 2008

Summit08 Wraps!


Puff, puff... It's a heck of a lot of work putting on a conference - hats off to the folks who do it year in and year out and actually smile through the process (they must have some strong meds). You are a sick lot, you know! Anyone care to guess how many pieces of bacon, sodas and beers were downed during the two-day Troubleshooting and Security Summit08 conference (November 4-5)? Me neither.

One of the highlights of the conference was having Gerald Combs (creator of Wireshark) join us to talk about capturing traffic in a virtual environment and Tom Quilty (BD Investigations) talking about the steps to take before and after a network breach occurs. Who ya gonna call?

It was great sitting around a table at the vendor party with those two as well as Ron Nutter from Network World as we swapped geeky war stories and shared some of the inside scoop on cybercrime events and Wireshark development (which are mutually exclusive topics, by the way). He he...

For those of you who didn't join us, you missed a great time. We played with VoIP reassembly, some ugly WLAN communications, loads of ugly file transfers caused by packet loss/high latency, a DHCP server gone awry, nasty SNMP traffic (that we configured to see using the MIB printer configuration), problems with autonegotiation, SMB2 protocol negotiation during a Vista client/Server 2008 connection, lost packets, totally pathetic websites, evidence of a "DNS walking" application, a redirector infection, an SNMP scanning host and traffic hidden through port swapping.

Two nights before the conference I added a set of trace files taken at a client and a server - I really wanted to show how to alter the timestamps because one analyzer was off on the timesync and then merge the two traces together, colorizing the two sets to differentiate them. I love this stuff!

Now my days are spent building the Summit 08 Wrap-Up site - if you attended Summit 08 you will receive your login credentials by the end of the week. I've put together four videos covering the MS08-067 vulnerability, the trace file merging process, building and sending custom packets and the Summit 08 Wrap-Up Checklist. In addition, I have a discount code for NetScanTools Pro and Pilot/Pilot+AirPcap EX3 bundle also going up on your Wrap-Up site (you already should have the code for 50% off the Wireshark University self-paced courses - good through December 31st).

So... would we ever do the conference again? Absolutely! We've already started planning based on the feedback we received. Register for notification at http://www.chappellsummit.com/ and I'll send you an email when Summit 09 registration opens and details on the Early Bird Special pricing. Alumnae will get special discounted pricing on Summit 09.

Now... just a couple more days until I head off to Portugal for the Vantagem conference. After that, it's the ATT Live conferences in Salt Lake City and then... well... then it's 2009 and time to start development on Summit 09!

Laura
[off to the Wrath of the Lich King launch party... 2 hours and counting...]

Tuesday, September 23, 2008

Pimping Podcasts and Packets

Well... with a title like that you just have to read this, don't ya?

Ok... there are really two subjects here - one is pimping podcasts and the other is packets, but they came together this evening with a new podcast series I am developing and a quick analysis of some podcasting traffic.

Pimping podcasts? This title came to mind as I searched for some lead-in/closing music for the upcoming podcast series. After searching for royalty-free music for a bit, I found a little ditty that turned my head (including my ears). The music was described as "70's, pimp-stylin, funkin', porn music. If prostitution is a victimless crime, then where's my wallet?"

I HAD to listen to this music!

Sure enough - this was some seriously funky music - it dripped of sexual innuendo with loads of wawawa slipping through dadum dadum with a funk beat - this could have been background music for Shaft! I could honestly imagine myself following that attitude-adjusting swank with a serious conversation about the If-Modified-Since HTTP header field! What a mood setter!

Note: We'll cover the importance of that header field in the upcoming Summit 08 (http://www.chappellsummit.com/) when analyzing web browsing traffic.

So what do packets have to do with this? Well... since I was on the topic of podcasting, I thought I'd check out the traffic rate of the recent podcast I did with Ron Nutter's Help Desk Toolchest over at Network World (http://www.networkworld.com/podcasts/nutter/) - I found that the podcast MP3 file was 31,640,580 bytes and downloaded in just over 30 seconds at an average rate of 8.77 Mbit/s. This was waaaaay bigger than the Internet radio trace I'd taken a while back when studying streaming methods and bandwidth usage. Ron's podcast runs for 65 minutes and 55 seconds. When I injected traffic into the network to cause packet loss and higher latency, I didn't notice it at all.

Tomorrow I should finish my analysis of Spore's network traffic and have the signatures to spot and eradicate that little primordial slime off the network (oh, sure... play it at home all you want!).

Laura
Don't forget - register for the Summit by September 30th for the Early Bird Special!
http://www.chappellsummit.com/

Friday, September 19, 2008

Where the *(@#$# Have I Been?

It's been ages since my last post - so where on Earth have I been (assuming I've been on Earth, of course). Good question...

I've been halfway around the world in Canberra, Australia (snoooooooze) and assorted places in the US. Mostly, however, I have been buried in the deep, dark and exotic... lab! Playing around with the VoIP analysis functions in Wireshark, cool enhancements in NetScanTools Pro and wireless views in Pilot. I'm also enjoying playing with systems that have been left naked and exposed on the Internet (eek!) - analyzing the methods used to compromise those systems.

I've also been writing a series of articles on topics ranging from "Optimize Your Network Regardless of IT Budget Cuts" (www.chappellsummit.com) to "Getting More Pool Time (aka Graphing Wireless Network Behavior with Pilot™)" (searchnetworking.techtarget.com) and "Enhancing Windows® XP Performance with RFC 1323" (also searchnetworking.techtarget.com) and a few podcasts with my friend Ron Nutter where we discussed DNS security faults, strange traffic on the network (check out the live analysis results of going to www.usatoday.com - yucko!), and Microsoft's TCP enhancements in Vista/Server 2008 (all three to air at www.networkworld.com/podcasts/nutter/).

Most excitingly, however, I've been working on the Student Manuals for the Summit (Network Analysis and Network Forensics Training) that takes place November 4-5 (www.chappellsummit.com) - I extended the Early Bird registration price until September 30th because of the hardships caused by Ike and the roller coaster ride we call the Stock Market.

Over the next two weeks I'll be releasing some of the lab information for the Summit - giving you a taste of the hands-on labs that we'll tackle together. Oh, yeah... we'll definitely do some VoIP playback and work in the wireless world! Join us for accelerated analysis/forensics training at the Summit.

Better go - it's 5:30pm and I have a few more hours-worth of trace files I want to review this evening! Yippie!

Laura