BrainShare 2004 Session Notes

----------------------------------------------------------------------------

DEALS AND DISCOUNTS

Did you get that $200 off coupon at the Protocol Analysis Institute booth? If not, use the code Z5E9BS04 when you register for the hands-on courses at www.hotlabs.org/laura. Expires April 3rd! You'll get the $1800 of licensed software at those courses. Can't attend? Order the self-study.

Didn't pick up a Laura's Lab Kit? You can order one from www.podbooks.com for the cost of shipping/handling only.

----------------------------------------------------------------------------

Book recommendations:

- Defense and Detection Strategies against Internet Worms, Jose Nazario, 1-58053-537. Page 167 shows you how to set up a Linux box as a black hole monitor.
- Ethereal Packet Sniffing (what a weird name...), Angela D. Orebaugh, Gilbert Ramirez, 1-932266-828. Kind of a manual to Ethereal - check out chapter 8.

Join HTCIA! www.htcia.org - ask the local chapter president if you can attend as a guest so you can meet folks there - you'll need to be sponsored for full membership.

ARPwatch - Linux tool to detect MiM redirections. Cool - try it out. Not on LLK yet.

Mark Minasi is a great Windows guru - read his stuff at www.minasi.com

bginfo - that cool tool on my desktop that shows my IP address, patch level, MAC address and more. Get it free online at www.sysinternals.com

Richard Salgado - project.honeynet.org - legalities of using a honeypot

Wireless stuff - www.fab-corp.com - Omni Mag Mount Antenna - ask for your "wardriving" discount

Aida32 - sad notes - www.aida32.hu
During the show, Tamas Miklos announced discontinued development for Aida32. I tried to get another tools guy to take over, but Tamas said there is proprietary stuff in the code and he doesn't feel comfortable handing it off. Tamas has placed a list of other recommended tools up on his website, but we'll sure miss Aida32.

TCPTRACE - Another nice tool online at tcptrace.org. Just feed it a trace file and it will do the graphing for you. Free.

Gnutella engine uses ports 6346 and 6347 by default, but that is configurable.

Wireless: kismet - great tool to locate access points. Does not rely on polling. See www.kismetwireless.net.

Tools to try against a honeypot:
- LANGuard - scanning/vulnerabilities tool
- NMap - scanning (SYN stealth; decoy)

Not on LLK:
- Packet Builder - www.engagesecurity.com
- honeyd (GNU licensed)
- dark IP
- White Glove - Deception Toolkit (DTK) - Fred Cohen's website link is on LLK - software

Log file analysis:
- www.counterpane.com - library > log file analyzer - sample log files - newsletter - Cryptogram (dog house section) - Bruce Schneier

Cheswick - Password file - WHY ARE YOU WASTING YOUR TIME

Ethereal Presentation: Should have had the website for winpcap on it - winpcap.polito.it

Great website to play at - www.all.net - Deception Toolkit/White Glove (bootable Linux) - Fred Cohen

Cracking Game - Check out www.packet-level.net/funwithbill/

I'm still hunting around for my animation (blood-sucking) - got a little busy upon my return. It'll surface one day!

----------------------------------------------------------------------------

Thanks for catching my sessions at BrainShare 2004! Special thanks to Mike Morgan and Steve Sheffield from Novell. They're the ones who keep me in the loop and bring me back each year. Big thanks to all of you who waited in the long lines to get into the sessions. We'll do something about that next year...