Tuesday, March 20, 2007

Dark Reading on Two Topics that were Interesting in 1998

I had only been at Trident a few months when the ASIM developers (where were on the same floor in the building overlooking San Pedro and 410) were pondering Insertion, Evasion, and Denial and gloating about how it impacted NetRanger. At this time there was a lot of jealousy at Trident following the Wheel Group acquisition. And then by that summer, the geniuses at Trident management (yeah let's get retired Air Force O-5's to run a company, good one) cooked up the idea to spinoff their scanning tool (Network Toolbox was it called).

Somewhere around then I ran across the Apostols (yes, go to their website now and see what it says compared to back in the day) tool, Queso and I added it to the network security class I taught. Good stuff. We ran it and all the other tools in the class against the Trident corporate site and it only took about a day and a half (or maybe it was 5 hours) for the director of IT for the San Antonio region to come running up the stairs breathlessly with RealSecure printouts. SYN scans, my ass.

Happy times. Lots of drinking margaritas during lunch and working on Trinux waiting for the Veridian deal to close so I could cash out my stock options and be able to afford a 140k 3-1 in Crestview. We'll leave the bit about CCTI for another blog. And lots left about working at the phone company. Talk about dull.

In 2000 (a few months after starting at Cisco) I wasted several man-months on a project that compared the TCP sequence number plots of dozens of trains of IOS/CatOS on dozens of different hardware platforms. I even did some bullshit statistics in Excel that showed how it was sort of possible to determine which version of IOS was running on a box, well if you had all the data I had.

Sort of interesting, especially if you've got all the time on your hands and a lab full of Cisco gear. But an Utter waste of time. A truly "academic" endeavor, disrespect intended. Grab fingerprint then attack! is something along these lines.

No comments: