--- Log opened Sun Oct 23 00:00:19 2016
00:30 -!- fie [root@2001:4800:7811:513:4834:b479:ff04:bc41] has quit [Ping timeout: 245 seconds]
06:06 -!- Dagmar [~dagmar@162-229-17-110.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
06:06 -!- Dagmar [~dagmar@162-229-17-110.lightspeed.nsvltn.sbcglobal.net] has quit [Changing host]
06:06 -!- Dagmar [~dagmar@unaffiliated/dagmar] has joined #se2600
06:07 -!- mode/#se2600 [+o Dagmar] by ChanServ
06:40 -!- brimston3 [~brimstone@noranti.in.the.narro.ws] has quit [Changing host]
06:40 -!- brimston3 [~brimstone@unaffiliated/brimstone] has joined #se2600
06:40 -!- mode/#se2600 [+o brimston3] by ChanServ
06:40 -!- brimston3 is now known as brimstone
07:55 < _NSAKEY> https://theintercept.com/2016/10/23/endace-mass-surveillance-gchq-governments/
07:55 < _NSAKEY> I bought one of their cards off ebay to use during netkoth at PhreakNIC, but the one free lead I had on drivers had been taken down.
07:55 < _NSAKEY> So now I've got a $10 curiosity.
08:18 < xray> too bad it would have been fun to play with it.
08:18 < xray> Is NetKotH using a fiber network now?
08:19 < _NSAKEY> Honestly, intel NICs are good enough, but I wanted to use something exotic for packet captures.
08:19 < _NSAKEY> xray: All ethernet.
08:20 < xray> Did the card come with the copper adapters?
08:21 < _NSAKEY> It's a DAG 3.7G. Straight gigabit ethernet.
08:21 < _NSAKEY> The only obvious difference between it and any other dual gigabit NIC is the FGPA.
08:21 < _NSAKEY> It's so old that it requires a PCI-X slot, or a riser kit.
08:22 < xray> Full packet capture at wire speeds is hard to do well.
08:22 < xray> PCI-X is not very common. Do you have a machine that can use it?
08:22 < _NSAKEY> Yeah, I have a dumpster-grade dell server that does.
08:23 < _NSAKEY> The problem is a lack of drivers.
08:23 < xray> To bad that would have been fun.
08:23 < _NSAKEY> Some university did a paper about the card I have vs. Intel NICs circa 2007, and they even published a tarball of the drivers as they existed at the time.
08:23 < _NSAKEY> But, someone decided to do housekeeping after the researchers went elsewhere, so that tarball is gone.
08:23 < xray> If the faculty are still there, contact them and see if they can give you a copy.
08:24 < _NSAKEY> They've scattered to other places.
08:24 < xray> A lot of faculty never throw anything out so even if they are at a new university they may still have the data.
08:24 < _NSAKEY> I thought about calling up Endace for shits and giggles and seeing what they would tell me, but they're probably going to be really averse to anything like that even without The Intercept writing articles about them.
08:25 < xray> I agree they may not take it very well.
08:25 < _NSAKEY> As it stands, even ancient Intel NICs work like a charm for my needs.
08:26 < xray> We have found that Intel NICs seem to work better than others for packet capture.
08:26 < _NSAKEY> I inlined the original pcap box between ben's netboot laptop and 3 of the client laptops, then turned them all on at the same time while dumpcap was running.
08:26 < _NSAKEY> Didn't drop a single packet.
08:26 < _NSAKEY> This was on a Dell PE 2650 with 2x Intel NICs.
08:27 < xray> Are you making the pcaps available after the con for analysis.
08:27 < _NSAKEY> I recently decided to swap that set-up out for a newer HP server, but haven't been able to put it through the same testing because ben's got all the gear right now.
08:27 < xray> I use the Intell NICs on our servers as well.
08:28 < _NSAKEY> I tested for basic functionality, but since this thing is new enough to not be made fun of by random people, I'm going to assume it can handle the workload better than that ancient Dell.
08:28 < _NSAKEY> Publishing the pcaps is the end goal, yes.
08:28 < xray> A 2650 is no slouch. I have several in my research rack.
08:28 < xray> The problem with the pcap is where to host it.
08:29 < _NSAKEY> I have one sitting in the floor of my apartment. It works, it's just old and I would rather lug the 1U back and forth.
08:29 < _NSAKEY> That's easy. Google Drive.
08:29 < xray> Also people in the CTF may be leaking things they don't realize from apps on their machine. Like mail apps trying to check for mail.
08:30 < _NSAKEY> benthemeek has a bunch of laptops that netboot Kali images.
08:30 < xray> That's a good idea.
08:30 < xray> Where did he get the laptops?
08:30 < _NSAKEY> That's how we handle the problem of people who want to play but either didn't bring their gear or don't want to plug their gear into the network.
08:30 < _NSAKEY> His employer's recycle pile.
08:31 < _NSAKEY> They're cool with it. He asked his boss if it was ok and everything.
08:31 < _NSAKEY> If you've been to PhreakNIC before, it's the same set-up as his Unreal Tournament Port-a-LAN.
08:32 < xray> I was the one who set up the first NetKotH for PhreakNic.
08:32 < _NSAKEY> For 18?
08:32 < xray> I think it was 18. I'll check.
08:33 < _NSAKEY> Was it the year brimstone manipulated the scoreboard to spell out his name?
08:34 <@brimstone> yup
08:35 < xray> Yep it was 18. Brimstone was there. I remember he got score on one of the machines by doing arp cache poisoning.
08:35 < xray> I had configured one of the boxes and accidentally hardened it so that no one could break in.
08:37 < xray> brimstone: I contacted Dr. Kaos yesterday and he said he is looking into the kaos.to dns problem.
08:37 <@brimstone> ok cool
08:39 < xray> brimstone: Sorry I forgot to send you the links to the IoT software interface generator. I'll send my self a note so I don't forget when I get back to the office.
09:08 < aestetix> ok so
09:08 < aestetix> the someone starts at a new job, you expect them to ask lots of questions to learn the culture, right?
09:09 < aestetix> the focus of the question is trying to figure out why millennials are so fucking annoying :p
09:26 <@brimstone> xray: ok, cool, thanks
10:18 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has joined #se2600
10:20 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has quit [Read error: Connection reset by peer]
10:21 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has joined #se2600
10:29 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has quit [Read error: Connection reset by peer]
10:30 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has joined #se2600
11:11 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has quit [Read error: Connection reset by peer]
11:11 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has joined #se2600
11:24 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has quit [Read error: Connection reset by peer]
11:25 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has joined #se2600
11:30 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has quit [Read error: Connection reset by peer]
11:30 -!- TheDukh [~thedukh@cpe-74-141-205-192.kya.res.rr.com] has joined #se2600
15:03 -!- xray [~xray@c-73-43-4-206.hsd1.ga.comcast.net] has quit [Quit: Leaving.]
15:39 -!- TheDukh [~thedukh@cpe-74-141-205-192.kya.res.rr.com] has quit []
16:36 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d8bf:ee45:5e15:1e3e] has joined #se2600
17:10 -!- giezr [~giezr@198.143.186.116] has quit [Read error: Connection reset by peer]
19:42 -!- frsilent_ [~frsilent@198.91.88.88] has joined #se2600
19:42 -!- robogoat_ [~robogoat@163.172.136.88] has joined #se2600
19:43 -!- frsilent [~frsilent@unaffiliated/frsilent] has quit [Write error: Broken pipe]
19:43 -!- am1n0_ [~devnull@psychonaut.iamdevnull.info] has quit [Remote host closed the connection]
19:43 -!- robogoat [~robogoat@163.172.136.88] has quit [Remote host closed the connection]
19:49 -!- am1n0 [~devnull@unaffiliated/am1n0] has joined #se2600
19:49 -!- mode/#se2600 [+o am1n0] by ChanServ
20:31 -!- scoob [~scoob@fsf/member/scoob] has quit [Ping timeout: 268 seconds]
20:32 -!- K4k [~K4k@unaffiliated/k4k] has quit [Ping timeout: 268 seconds]
20:38 -!- scoob [~scoob@fsf/member/scoob] has joined #se2600
20:44 -!- K4k [~K4k@unaffiliated/k4k] has joined #se2600
21:02 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-lfzwwuovizfhzlwt] has joined #se2600
21:02 -!- mode/#se2600 [+o klixa-cloud] by ChanServ
21:02 -!- jaake [~h4ckm3@c-68-52-45-79.hsd1.tn.comcast.net] has joined #se2600
21:02 -!- jaake [~h4ckm3@c-68-52-45-79.hsd1.tn.comcast.net] has left #se2600 []
22:26 -!- klixa [~klixa@unaffiliated/klixa] has joined #se2600
22:27 -!- mode/#se2600 [+o klixa] by ChanServ
23:06 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has quit [Ping timeout: 256 seconds]
23:06 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has joined #se2600
23:06 -!- mode/#se2600 [+o rhia] by ChanServ
23:43 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has quit [Read error: Connection timed out]
--- Log closed Mon Oct 24 00:00:22 2016