DLSLUG Notes, 4-October-2007: Ari Brown on Network Packets

Ted Roche tedroche at tedroche.com
Sat Oct 6 08:29:08 EDT 2007


Ari Brown, a sophomore at Hanover High School and part-time student at
Dartmouth College, was the featured speaker for the October meeting of
the Dartmouth-Lake Sunapee Linux User Group, held as usual on the first
Thursday of the month on the Dartmouth Campus at 7 PM. This month, we
met in Haldeman Hall, lower floor, a cozy amphitheater with power at
each seat for the laptops!

Ari showed us some of the experimenting he has been doing creating and
crafting packets using Ruby as his scripting language. He started by
showing us a bit about nmap and showed the responses he could get from
scanning his own machine. Ari reviewed the structures of the various IP,
TCP, and ARP packets (Bill Stearns provides a great reference from one
of his former students here [1]), and talked about how common SYN and
ACK attacks work. He talked about how machines can be fingerprinted
passively by monitoring and analyzing the packets they emit, citing a
passage from "Silence on the Wire," ISBN 5-59327-046-1, and gave some
interesting examples of how computers give away their identities.

[1] http://wiki.gnhlug.org/twiki2/bin/view/Www/IpReference

Thanks to Ari for an interesting presentation, to Bill McGonigle for
coordinating the meeting, and to all of the attendees for their
participation.

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com


