Penetration Testing mailing list archives

RE: TCP/IP skills

From: "Vaccare, Anthony" <RVaccare () ola state md us>
Date: Thu, 8 Jul 2004 15:30:38 -0400

Believe it or not, a co-worker, who didn't have even a basic
understanding about TCP/IP, packets, headers, IP addressing and
subnetting, was sent out with me to review a router!  It was the worst
TWO months of my career.  This person was not new to IT either - approx.
7 years in the field!  I was appalled at some of the questions he asked.
Needless to say, I let him know it was not my job to teach him the
fundamentals of TCP/IP, so he'd have to do the best he could at
answering the 'yes/no' questions on our questionnaire.

-----Original Message-----
From: Vlad [mailto:vladkors () gmail com] 
Sent: Thursday, July 08, 2004 4:39 AM
To: Don Parker
Cc: pen-test () securityfocus com; vuln-dev () securityfocus com
Subject: Re: TCP/IP skills

Here's a nice article Security Focus has published some time ago
dealing with this very subject.

TCP/IP Skills Required for Security Analysts
http://www.securityfocus.com/infocus/1779

As for my opinion, I can't agree more. Advance (IP) networking skills
should be a vital and an inseparable part of a security experts'
knowledge. Although there might be some exceptions, a "security
expert" that lacks the basics of TCP/IP, that has no idea what a
packet is constructed of, is nothing more then a script kiddie.

Regards,
   - Vlad.


On Tue, 6 Jul 2004 21:20:46 -0400 (EDT), Don Parker
<dparker () rigelksecurity com> wrote:

Hello all, I just wanted to comment on what I see as a rather alarming

trend in the

security industry today. More and more many are becoming reliant upon

tools to do their

job whilst they ignore core components of their skillset. Specifically

in this case an

in-depth knowledge of TCP/IP.

Knowing TCP/IP at a granular level in my opinion is very much a core

skill that must be

attained by anyone who wishes to have a successful career in the

network security

industry today. One cannot become adept by simply using tools, and

never knowing how to

interpret the output by verifying the packets themselves.

It constantly amazes me when I teach a TCP/IP Analysis course that

people who are

presently in the industy do not know of such basic TCP/IP concepts as

the 3 way

handshake and how ICMP works. That or being able to wholly dissect a

packet and explain

the relationships between various metrics.

I would be curious to hear of your opinions on this?

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK
fax:613.233.1788
toll: 1-877-777-H8CK
--------------------------------------------






********************************************************************************************************************
This email and any file transmitted with it may be confidential and is intended solely for the use of the individual or 
entity to whom it is addressed.  If you received this email in error please notify the DBM Service Desk by forwarding 
this message to servdesk () dbm state md us.


This email has been scanned by networkMaryland Antivirus Service for the presence of computer viruses.

Current thread:

RE: TCP/IP skills, (continued)
- - RE: TCP/IP skills Rocky Heckman (Jul 13)
  - Re: TCP/IP skills Chris Byrd (Jul 13)
- Re: TCP/IP skills vulnerable (Jul 13)
- RE: TCP/IP skills Dave Dyer (Jul 13)
- FW: TCP/IP skills drbitbucket (Jul 08)
- Re: TCP/IP skills captgoodnight (Jul 08)
  - Re: TCP/IP skills R. DuFresne (Jul 13)
- Re: TCP/IP skills Allan (Jul 08)
- re: TCP/IP skills Scott Schappert 6270, QA (Jul 08)
- Re: TCP/IP skills M. D. (Jul 09)
- RE: TCP/IP skills Vaccare, Anthony (Jul 13)
- RE: TCP/IP skills Strand, John (Jul 13)
- RE: TCP/IP skills Eric McCarty (Jul 13)
- Re: TCP/IP skills drbitbucket (Jul 13)
- RE: TCP/IP skills Parish Zachary Z AB 381 IS/SCSS (Jul 13)