[Noisebridge-discuss] what if: network forensics class

David Stainton dstainton415 at gmail.com
Mon Jun 15 18:18:58 UTC 2015


> What about protocols that provide their own reliability on top of UDP?  Can these attacks be generalized to target them as well?

the attacker can still do certain attacks if they have the key material...

if for instance the NSA compromised a CA or possessed the TLS key
material then they could possibly perform a TCP-handshake-hijack
attack and possibly the mid-stream injection attacks on
non-forward-secrecy ciphersuites... but then I'm not sure exactly and
we should ask our various cryptographer friends about that for a more
accurate answer than mine.

>> 2. I'd like to start a class/group that regularly meets in person or
>> online; collectively writes network forensics tools.
>
> I'm interested in learning more about this, although I won't be able to meet in person after this week.

I'm open to collaborating online as well.

>> I'm not sure if there's enough technical interest on this subject...
>> but if there is then I'd like to teach about TCP protocol
>> analysis/anomaly detection, low level network programming, ethernet
>> sniffer packet capture methods, offensive packet spraying for
>> detecting Great Cannon MITM etc.
>
> I for one would love to learn more about the nuts and bolts, so to speak.

cool.

>> Those of you that know me might've noticed that in the past year I've
>> become completely obsessed with network protocol anomaly detection,
>> forensics, attack detection etc. especially when it comes to the
>> subject of NSA attacks on TCP mentioned in Snowden documents.
>
> I'm glad someone's working on this.  For my own part, I've recently taken an interest in langsec, and my first step is designing a new programming language so I can stop using C++ as my workhorse.
>
> http://www.vcode.org/

langsec is cool.
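The mid-stream injection attacks and the TCP anomaly detection mentioned in this thread have one well-known capture-side symptom: a forged segment that races the legitimate one occupies the same sequence-number range but carries different bytes, whereas a genuine retransmission repeats the same bytes. The following is an added example (not code from the original post or from any project of the author's) that scans a constructed, pre-parsed list of segments from one direction of a flow and reports exactly that conflict; the `Segment` type and the sample flow are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes  # segment payload (empty segments are never reported)


def find_injections(segments: List[Segment]) -> List[Tuple[int, int]]:
    """Return (earlier_index, later_index) pairs whose sequence ranges overlap
    but whose overlapping bytes differ.  A benign retransmission repeats the
    same bytes at the same offset; differing bytes mean two different senders
    produced data for the same position in the stream, which is what an
    injected segment looks like in a capture."""
    findings = []
    for j, later in enumerate(segments):
        for i in range(j):
            earlier = segments[i]
            lo = max(earlier.seq, later.seq)
            hi = min(earlier.seq + len(earlier.payload),
                     later.seq + len(later.payload))
            if lo >= hi:
                continue  # disjoint ranges (32-bit wraparound ignored here)
            a = earlier.payload[lo - earlier.seq:hi - earlier.seq]
            b = later.payload[lo - later.seq:hi - later.seq]
            if a != b:
                findings.append((i, j))
    return findings


# Constructed sample (not a real capture): a server->client HTTP response,
# a benign retransmission of its first segment, then a forged segment that
# reuses seq 1000 with different content.
SAMPLE = [
    Segment(1000, b"HTTP/1.1 200 OK\r\n"),
    Segment(1017, b"Content-Type: text/html\r\n\r\n"),
    Segment(1000, b"HTTP/1.1 200 OK\r\n"),              # same bytes: benign
    Segment(1000, b"HTTP/1.1 302 Found\r\nLocation: "),  # different bytes: flagged
]

if __name__ == "__main__":
    for i, j in find_injections(SAMPLE):
        start = max(SAMPLE[i].seq, SAMPLE[j].seq)
        print(f"segment {j} conflicts with segment {i} starting at seq {start}")
```

The third segment overlaps the first two and the retransmission and disagrees with all three, so it is reported three times; the benign retransmission is not reported at all.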


