Announcement

Collapse
No announcement yet.

DC19 Network

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • DC19 Network

    Last year we did a bunch of new stuff...

    802.1x WiFi Encryption
    FreeForAll Area
    DefCon Mobile Edition Agenda
    Bigger GB's

    Was that useful? Did it work for you? Should we continue it?
    (don't ask me to fix AT&T's 3G network - I leave that to you :)

    What else do you want? New Stuff? Old Stuff?

  • #2
    Re: DC19 Network

    The mobile agendas were great and would love to see them again along with more mobile friendly web content. Not having to carry around (and tear up/lose) my official schedule was a great convenience. The auth/encrypted WiFi was also great as it provided a secure (at least to the best of our knowledge) alternative Internet access to the before mentioned issues with cellular carriers. The FreeForAll area is great and I consider it to be a staple of the con. And obviously, the more bandwidth the better. As for new...

    More live log viewing - I would love to see (almost) live MRTG graphs of bandwidth, IPFIX traffic breakdowns, CPU/mem/associations/etc of the various network devices. Maybe we could come up with a dynamic way of showing the TCP/UDP (or higher layer protocols like BitTorrent) data streams as they are built, used, and torn down? It might also be interesting to see streams of the debug/syslog/consoles of the various network devices.

    IPv6 support - I have no good reason for this other than to do it just because we can. Many people complain IPv6 isn't secure because it hasn't been fully vetted in the field. I can't imagine a better place to give the vetting process a booster shot than the Def Con 19 network.

    IPTV/Multicast Video - Another cool addition I would like to see is live (VLC compatable) multicast IPTV streams of the presentation hall video feeds made available on some or all of the various networks available to us at the Rio (inspired by some of the discussion occurring in the Defcon 19: Viewing Suite Planning thread). My geeky nature makes me want to say go hi-def (hmm... hi-def... def con... "hi-def con"?) but admittedly, I realize the concerns using WiFi as a distribution medium would create (bandwidth, RF noise, jitter, packet loss, etc). Is it realistic to upgrade the entire WiFi network to 802.11n 4x4 mimo (better question, would that be enough to actually help)? Maybe a smaller/separate/dedicated wireless network with only the video streams could be put into place? Could we splice into the hotel network and stream wired/wirelessly to the rooms (providing an alternative/augmentation to hotel's four avaliable conference channels... multiple laptops = "picture-in-a-picture" solution to the issue of having multiple streams per room and lack of avaliable CCTV channels)? I don't see Unicast streaming the video from the con to the Internet as practice (bandwidth or cost effective) but maybe we could cross connect with a carrier that has access to mBone/Internet2 and multicast stream to the Internet that way (local university... UNLV)?

    More outside traffic in - Yes, I know, this is inviting issues. I also admin that more than one of my other suggestions above has this same issue but I ask... is that not the fun of Def Con?

    I know I posed more questions/suggestions that requests/answers but hopefully this will fuel some more ideas and go from there.

    Comment


    • #3
      Re: DC19 Network

      Awesome - we'll keep up the stuff from last year then! I'm glad the mobile agenda app worked out well! I wasn't entirely sure if people would dig it, or just go "eh." I looked back at my notes and 1300+ people used it, so I'm happy about that :)

      Originally posted by OMA View Post
      More live log viewing
      Some of that's not hard for us to do. We've got the MRTG/Cacti graphs already, so it's just a matter of making those available for everyone to see. We've had a focus on monitoring the last few years, now we can just augment that as "monitoring & publishing" :) console-log scroll, eh? Hmmm. Easy enough, and if people want to stare at it, sure.

      The protocol analysis - this is actually a great idea where YOU (collectively) can get involved! We can give span ports to people if they want to look at the traffic flows, do some analysis, and especially publish to the con in real-time. Why not? :)

      IPv6 support
      You just gave me a great idea for a CONTEST!

      IPTV/Multicast Video
      We are actually talking about what it would take to upgrade our gear to support 802.11n - discussion is happening in the back rooms now. I doubt we could get into the hotel network (the one that runs to rooms) - but what you're really talking about is making the DCTV content available to the rooms - outside of the con network.


      More outside traffic in
      Go on.... say more :) One thing we also have to pay attention to is making sure con attendees get real benefit for their price of admission - if too much network content is available whether you're on-site or not, then it de-values the effort to *go* to DefCon. It's always a balance, right? So if you think of something we should be "enabling" more from the outside, I'm all ears!


      Thanks for the ideas - definitely got us thinking!!

      Comment


      • #4
        Re: DC19 Network

        Good to hear about keeping the mobile agenda app. The only thing I would encourage is maximizing cross-device support. This is admitted a selfish request as I recently switched from my old iPhone to a new Blackberry. That said, I also realize there are limitations to this request and will happily survive using my paper agenda if Blackberry (or other device) support isn’t perfect.

        I figured the network team had Cacti (or something similar) and other monitoring software running. I don’t have any intention of sitting around my room staring at it but I do find it interesting to see network trends/events as they are occurring. Being one of the most hostile networks in the world, this should provide some interesting insight.

        Thank you for reminding me about the SPAN ports. I’m not much of a programmer but I have lots of time to come up with something.

        Contest you say… You have my attention! I will have to keep a close eye on the contest page.

        802.11n would be sweet for the same reason I think IPv6 is sweet. It’s hard to say whether or not it will actually be of true value without seeing last year’s data on access point bandwidth utilization or committing to doing something crazy like pushing high definition DCTV over the WiFi network. Still cool though.

        Depending on how the hotel’s network is setup, multicast might… I am thinking I will just shut up now and have something to look into when I get into Vegas that Thursday.

        I completely agree with you about not letting too much in or out of the network. I will give the idea of letting more in/out some more thought and see if I can come up with any more specific ideas.

        Thanks!

        Comment


        • #5
          Re: DC19 Network

          The only bummer bout the Encrypted network is that it kind of kills the Wall of Sheep which is always a hoot!

          Comment


          • #6
            Re: DC19 Network

            I agree with Forty Seven. The Wall of Sheep activity was limited based on the secured network and the decision (of the powers to be) to not mess with the secured network.

            Comment


            • #7
              Re: DC19 Network

              I see why the secured network isn't touched in terms of the wall of sheep though i believe it should be as it offers a false sense of security. If there running there own security show them on the board whats happening. Speaking of which im not sure how im going to get it down there but i have a spare server not sure if your running any sort of rules on the line but its fairly new and pretty powerful i use it for development purposes and wouldn't mind seeing its potential, thats if i find a low cost method of transportation without it getting destroyed

              Comment


              • #8
                Re: DC19 Network

                So should there be a wide area freeforall network that gets fed to wall of sheep, open to all, and the secured network that you create or get a pre-generated password for?
                The Dark Tangent: Use PGP for email Key ID: 0x8B0B476D
                Fingerprint: EA2B 63F9 2219 9171 2AB1 0065 FC59 8B0B 476D

                Comment


                • #9
                  Re: DC19 Network

                  Originally posted by Dark Tangent View Post
                  So should there be a wide area freeforall network that gets fed to wall of sheep, open to all, and the secured network that you create or get a pre-generated password for?
                  Yes Sir Boss! Pass as much to the wall of sheep as possible. Its a great way of seeing how secure things really are and a great teaching opportunity to those who want to understand the methods and techniques used to capture data.

                  It is also a perfect situation for comparing and testing the many tools available for sniffing packets.

                  Maybe the con should not even offer a secured network. It's almost like offering training wheels to the tour de France riders.

                  Comment


                  • #10
                    Re: DC19 Network

                    heh... bring back the DriftNet wall.
                    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                    - Trent Reznor

                    Comment


                    • #11
                      Re: DC19 Network

                      Dear Network Gods,
                      I'm going to run an IDS and visualization tool on whatever WiFi traffic I can capture ([un]official forum at https://forum.defcon.org/forumdisplay.php?f=600).

                      I'd be more than happy to coordinate with y'all if you want to give me access to a SPAN port or something. Or if you want me to gather certain information from the IDS... I'll be using Bro which is sorta like netflow + snort + layer 7 switch + steroids....

                      Ping me at dan at bizling dot com if I can help.

                      Also: thanks for the work y'all do every year.

                      Dan

                      Comment


                      • #12
                        Re: DC19 Network

                        Question:

                        We're still doing the secure wifi - it's something enough people want that it's worth providing. The question on the table for ya'll is: Do you want us to pre-gen unique login credentials and hand them out at reg with your badge - or do you want to gen your own (like we did last year).

                        Or does it matter to you?

                        Comment


                        • #13
                          Re: DC19 Network

                          Originally posted by Lockheed View Post
                          Question:

                          We're still doing the secure wifi - it's something enough people want that it's worth providing. The question on the table for ya'll is: Do you want us to pre-gen unique login credentials and hand them out at reg with your badge - or do you want to gen your own (like we did last year).

                          Or does it matter to you?
                          I prefer gen your own, simply because I don't want to have to "go to this place, do this" physically.

                          I didn't use the secure wifi last year, but I am giving it consideration this year.
                          Aut disce aut discede

                          Comment


                          • #14
                            Re: DC19 Network

                            I'm suspicious of anything handed to me at DC. I won a 8G USB flash drive last year and I STILL haven't plugged it into anything. It needs to be sanitized first!

                            Comment


                            • #15
                              Re: DC19 Network

                              Originally posted by Lockheed View Post
                              Question:

                              We're still doing the secure wifi - it's something enough people want that it's worth providing. The question on the table for ya'll is: Do you want us to pre-gen unique login credentials and hand them out at reg with your badge - or do you want to gen your own (like we did last year).

                              Or does it matter to you?
                              Either way, It's a Trap!
                              And I heard a voice in the midst of the four beasts, And I looked and behold: a pale horse. And his name, that sat on him, was Death. And Hell followed with him.

                              Comment

                              Working...
                              X