Wow...great talks so far today. And what better way to stay up on the latest schedule (and last minute changes) than by registering with defcon by phone. I called up an Asterisk box, it called me back, I set a super secret pin and wammo...I'm in.
It's always easier for me to use the same 4-digit pin for all my access codes and registering my home fone was important to make sure I do not miss any updates.
Anyway Mudge (along with two whiskey sours..I think) gave an attempt at defining some laws of internal networks that, if broken, could be an early indication of a compromise. This whole idea exploits the fact that internet networks and the associated layer 2 and layer 3 activity have fundamental differences from the respective activity on an intranet. It is worth noting that very few IDSs deployed on internal networks actually look for this anomalous activity.
For example, we should not expect a file server to generate layer 3 traffic associated with web surfing. Nor would we expect to find a desktop accepting connections from clients. We would expect that layer 2 activity would have a constant MTU size on an internal network, that packets would arrive in order, and so forth.
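As an added illustration (this is not code from the talk or from the original post), here is a small rule engine that encodes the three "laws" above as checks over flow records and runs them against a handful of constructed flows. The host inventory, the role assignments, the assumed MTU of 1500 and the sample flows are all made up for the example; a real deployment would populate the inventory from an asset database and feed flows from NetFlow or a span port.

```python
"""Anomaly checks for an internal network based on expected host behaviour.

Added example, not part of the original post. Host roles, the expected
MTU and the sample flows below are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One observed connection; src is assumed to be the initiating side."""
    src: str
    dst: str
    dport: int
    mtu: int            # largest frame size seen on the flow (layer 2)
    out_of_order: bool  # whether any packets arrived out of sequence


# Constructed asset inventory mapping internal addresses to roles.
ROLES: Dict[str, str] = {
    "10.0.0.5": "webproxy",
    "10.0.0.10": "fileserver",
    "10.0.0.20": "desktop",
    "10.0.0.30": "desktop",
}

WEB_PORTS = {80, 443}   # ports we treat as "web surfing"
EXPECTED_MTU = 1500     # assumed constant MTU on the internal segment


def check_flow(flow: Flow) -> List[str]:
    """Return a description of every law the flow breaks (empty if none)."""
    alerts: List[str] = []
    src_role = ROLES.get(flow.src, "unknown")
    dst_role = ROLES.get(flow.dst, "unknown")

    # Law 1: a file server should not originate web-surfing traffic.
    if src_role == "fileserver" and flow.dport in WEB_PORTS:
        alerts.append(
            f"server {flow.src} originated web traffic to {flow.dst}:{flow.dport}")

    # Law 2: a desktop should not accept inbound connections.
    if dst_role == "desktop":
        alerts.append(
            f"desktop {flow.dst} accepted a connection from {flow.src} on {flow.dport}")

    # Law 3: layer 2 behaviour on the LAN should be boring and constant.
    if flow.mtu != EXPECTED_MTU:
        alerts.append(f"MTU {flow.mtu} on {flow.src}->{flow.dst} differs from {EXPECTED_MTU}")
    if flow.out_of_order:
        alerts.append(f"out-of-order packets on {flow.src}->{flow.dst}")

    return alerts


def scan(flows: List[Flow]) -> List[Tuple[Flow, List[str]]]:
    """Run every flow through check_flow and keep only the ones with alerts."""
    return [(f, check_flow(f)) for f in flows if check_flow(f)]


# Constructed sample flows: one benign, three that each break a law.
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.0.0.20", "10.0.0.5", 80, 1500, False),       # desktop via proxy: fine
    Flow("10.0.0.10", "203.0.113.7", 443, 1500, False),   # file server surfing
    Flow("10.0.0.30", "10.0.0.20", 445, 1500, False),     # desktop accepting SMB
    Flow("10.0.0.20", "10.0.0.10", 445, 1400, True),      # odd MTU and reordering
]


if __name__ == "__main__":
    for flow, alerts in scan(SAMPLE_FLOWS):
        for alert in alerts:
            print(f"ALERT {flow.src}->{flow.dst}:{flow.dport}: {alert}")
```

The rules are deliberately stateless so they can be applied to individual flow records; in practice the MTU and ordering checks are better expressed as deviations from a per-segment baseline learned over time rather than a hard-coded constant.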
Richard Thieme was talking about hacker culture as he does...it was good content, until he digressed into interplanetary travel and the associated spaceships traveling beyond the speed of light.
Bruce and later the rest of the shmoo group had some good insights and one bad one. First the bad one. Well maybe not bad, just misguided from my point of view. I'll start by saying I think openbsd is the best operating system...ok, now that that's out of the way...Bruce tried to make the case that bsd is better than linux.
In fairness, the talk was framed as a 'discussion'. He even made windows look better than linux. The 0xbeef of the argument was that userland utilities are integrated in formal *bsd releases in contrast to linux where the kernel and userland development are disjoint and are 'glued' together differently by each distro.
My response to that argument, while it is true, is that userland and kernel developers are different in the bsd world as well and use just as much glue as the linux distro guys.
It was also pointed out that patches and advisories to windows are much more rapid and formalized than in the linux world. bsd patches were not part of the discussion...wonder why? Hmm..well bsd patches come out very quickly, in source code... that's for sure...what could it be. Here is the secret to maximum bsd uptime...don't patch. For those that don't know what I'm talking about...likely you have never run bsd boxes in production.
So let's see...I'm going to patch my prod systems today...guess I have to recompile the entire OS...that does not happen too often outside a lab environment or desktop.
Enough of the bad news. Bruce then came back with Beetle and demonstrated Rogue Squadron, a new wrt54g firmware they wrote to show how easy it is to set up a rogue access point. Very nice work.
I entered the lockpicking contest. Boy was that fun...10 minutes to pick a Weiser lock...seemed easy enough. I did not have enough practice going into it. I normally can pick a Weiser core in less than 2 minutes...geeez. I think I heard these locks had 8 pin settings. Maybe different than mine. I got a shirt out of it anyway. There is always next year.
Some friends and I [literally] chilled out in my room and watched defcon tv...then went to dinner.