Shmoocon Labs Part 4 – Wrap Up «

Shmoocon Labs Part 4 – Wrap Up

February 23rd, 2010

Sorry this post took so long, crunchtime kicked in with the class I’m teaching and so did the grading apocolypse! heh!

So to wrap up this series of posts I wanted to point out that one of the guys on my netmon team was trying to figure out why our Cisco switch wouldn’t ping — what was it? Reboot! Good old reboot! We also were reminded that the newer Cisco switches only support 802.1q VLANS. I hadn’t used alot of the cmd line lately in the latest cisco 2960s, but, there is no “switchport trunk encapsulation” command — it’s automatically dot1q — ISL is not supported on these devices.

I had a few other goals I didn’t accomplish. One was to import the latest version of the OSVDB into OSSIM in order to correlate attacks off of the most current database of vulnerabilities. We never got that far. What I realized late Friday was Shmoo Labs really ended at the 12-3pm time frame on Friday, and at that point, many people went out to enjoy the conference… so any further progress was limited if the person who configured something wasn’t available. For example… we wanted to get better SNMP polling of wireless devices — we eventually got that working, but not as well as intended. We did kinda get sFlow working from the Force10 gear that was part of the hostile network — interesting output.

I ended up last minute heading the OSSIM team and the Netmon team. I should have realized that my current interest at the time was learning as much as possible about OSSIM, as well as new network monitoring techniques, but while I should have been leading/helping others out and maybe being more of a teacher, I ended up mostly absorbed in the OSSIM stuff most of the time. Next year if I’m leading a group I will definitely take a different approach. Everyone involved learned a hell of a lot either way, but I think we would have had more to “show off” had I taken more of a guide role, then a tech in the trenches role.

All in all, a great learning experience, a fun time hanging out with everyone, and a challenge to get a lot done in 36 hours. I had a great time, and hope to do this next year and even at other cons. I also got to work with the OSSIM guys rather closely and I learned alot from them also. It was well worth the $50 and we got a tshirt and a cool little toolkit (those fold-able grips with screwdrivers attached — what do you call those? )

Next adventure for me? ISTS at RIT in March. We got Mubix coming up, as well as a few surprises maybe! Here’s their site.

You can read Part One here, and Part Two here, and Part Three here.