open source tools help (contract) in DC area?

I need to get some short-term contract help on setting up a lab dealing with SP security issues, in the Washington DC area. Please contact me offline if interested. I am the technoid and will pass you on for the mercenary aspects.

ccitraining.net is developing a complex set of network security lab exercises involving Cisco routers and switches, Slackware 10.0 LINUX servers and workstations, and Windows workstations, the latter to be infected with worms as part of running the lab.

We need a *NIX administrator to help us get the appropriate, primarily open-source tools installed, running, and documented. Since we do not intend to teach the full tool command set, we will need shell scripts and/or command files to be piped to a telnet/SSH client to let the students access useful tool functions without being fully trained in the device. For that reason, we expect the primary interface to the tools will be command line, so that the tool control can be scripted. Students will use GUI functions only to display output from tools, or to access graphic functions in the tools.

Since there are multiple people working on the project in a virtual team, at different locations, it is absolutely essential that documentation be generated at the start of working with a tool, and then polished with final parameterization and use documentation. Documentation can be at the level of a couple of man pages, but it is essential that other team members can quickly find out how to parameterize and invoke the tools. Project managers also need to be able to track the status of tool implementation -- we do not consider an undocumented tool as installed.

Identified tools include:

    syslogd
    RRD (successor to MRTG)
      MIB objects to be accessed
    Flowscan/Flowtools (successors to cflowd)
    Ethereal

In addition, we will need a number of scripting tools to make incremental changes to router, switch and host configurations, as well as loading complete executables and images. We will also need Windows control to infect hosts with specific viruses and possibly bots, and to restore infected hosts to a stable environment.

Understanding, from the Windows and protocol standpoint, of worms, other DDoS, and BOTNETs will be very helpful. Knowledge of packet crafting tools for *NIX, which let us build arbitrary protocol packets to be used in attacking hosts and routers, will also be a big help.

I'm not convinced that this is an appropriate on-topic posting for NANOG. It seems to me that you would be much better off going through SANS or SAGE to find local groups in the area that could be helpful to you.

  For example, I believe that if you contact the folks at dc.sage (see www.dc-sage.org), they are more likely to be able to help. I know there are several security and network-knowledgeable system administrators in dc.sage. I imagine that at least one or two of them should be consultants/contractors who can help you.

  But it does seem to me that a more targeted search for assistance would have been appropriate.

Actually, the interest is in open-source ISP tools.

  Syslog is a standard *nix administration tool, useful for system administrators but also used by network administrators and anyone else doing any kind of administration on a *nix box. RRD, MRTG, and Ethereal are standard *nix network and system administration tools. Flowscan and Flowtools are standard *nix network administration tools. I see nothing here that is unique to the ISP environment.

  Moreover, in the role of system administrator (not network administrator), I have personally used all but one of these toolsets -- flowscan/flowtools. As a system administrator, I've written syslog processing tools or hacked on syslog processing tools originally developed by others, and in some cases I've even taken over maintenance of those tools.

  I see nothing here that is unique to the ISP environment.

Don't sweat it, Howard -- some people would rather slam you
for what you post to the list than help out. Shame, that.

  I don't see anything in the original request that seems to make this post more suitable for NANOG than anywhere else. And I see nothing here that makes this post unique to an ISP environment, or even just more ISP-oriented than plain general network-oriented.

  Moreover, Howard was talking about a virtual training group setting up shop that needed some help with what seemed to me to be some very basic stuff -- the sort of thing that I would hope any training group would have the in-house expertise to deal with, otherwise they wouldn't be qualified to be providing training on those topics.

  However, I wanted to give him the benefit of the doubt, and assume that he just went to the wrong place to ask his question as opposed to asking the wrong question in the first place.

  Part of the reason for my original response on this thread is that I have been chastised a couple of times by the new-generation moderators for being off-topic, and I recalled that we're trying to be more self-policing about these sorts of things.

  I'm honestly trying to understand what is an on-topic post and what is not, and it seems to me that this is pretty clearly off-topic.

  So what is on-topic? I've got a question that I've been thinking about for a while regarding SIP/VOIP white/yellow pages directory services and aggregation, and I've been afraid to ask here because I felt it might be too basic and non on-topic.

...

Brad,

Since you convinced me to finally get on this mailing list, I've
received this more recently than you. ;-) Admittedly, not a completely
definitive description.

Perhaps more to the point, the initial poster is more likely to get a
helpful response from the dc-sage jobs mailing list, or the sg-dc
(security group) mailing list.