mirror of https://github.com/dirtbags/moth.git
class info emails
This commit is contained in:
parent
c4e96cafe3
commit
c0106459a5
|
@ -1,165 +0,0 @@
|
|||
From: Neale Pickett <neale@lanl.gov>
|
||||
To: RCPT
|
||||
Subject: Tracer FIRE: Network Archaeology Information
|
||||
|
||||
Welcome to the Network Archaeology course!
|
||||
|
||||
Your token is: TOKEN. Please write this down, but protect it as
|
||||
though it were a password.
|
||||
|
||||
|
||||
Summary
|
||||
--------
|
||||
|
||||
* 8-11 AM and 1-4 PM (US/Mountain), Mon Feb 4 - Tue Feb 5
|
||||
* Get started at http://tf5.lanl.gov/netarch.html
|
||||
* Work at your own pace, using tutorial videos on YouTube
|
||||
* Connect to irc://irc.oftc.net/netarch for Q/A
|
||||
* Use you token (TOKEN) to ask questions and check lab answers
|
||||
|
||||
IRC is going to be the biggest challenge for some participants. We urge
|
||||
you to connect to IRC and test the channel moderation bot before Monday,
|
||||
since we won't be able to help you get connected during the course.
|
||||
|
||||
|
||||
|
||||
What to Expect
|
||||
------------
|
||||
|
||||
Network Archaeology is a self-paced course, consisting of tutorial
|
||||
labs and video tutorials on YouTube. Instructors are available on IRC
|
||||
(Internet Relay Chat) to answer questions and provide help as you work
|
||||
through the labs at your own speed.
|
||||
|
||||
When the course begins Monday morning at 8:00AM US/Mountain, log on to
|
||||
IRC, then check the web page at http://tf5.lanl.gov/netarch.html for links
|
||||
to the lab server, an introductory video, and tutorial videos on YouTube.
|
||||
|
||||
After the first 8 labs, we expect you to figure out on your own
|
||||
how to approach and solve problems. We will update the page at
|
||||
http://tf5.lanl.gov/netarch.html with links to more tutorial videos to
|
||||
keep you from getting stuck, though.
|
||||
|
||||
You will see questions and answers in the IRC channel. When you have
|
||||
a question of your own, message the moderator from your IRC client:
|
||||
|
||||
/msg netarch-moderator TOKEN What does = mean in base64?
|
||||
|
||||
|
||||
|
||||
Course requirements
|
||||
----------------
|
||||
|
||||
You need:
|
||||
|
||||
* A laptop with Linux or MacOS (Linux preferred, inside a VM is fine)
|
||||
* Wireshark
|
||||
* tcpdump
|
||||
* tcpflow
|
||||
* gcc and make
|
||||
* python3
|
||||
* A plain text or code editor, such as gedit
|
||||
* An IRC client such as xchat or pidgin
|
||||
|
||||
Please have all your software installed and ready to go when the course
|
||||
begins. We will not be available to help with software installation.
|
||||
|
||||
|
||||
|
||||
Connecting to IRC
|
||||
--------------
|
||||
|
||||
IRC is the technology used by NNSA's Tracer group for collaborative
|
||||
incident response, and it will soon be used by DOE's NSM group as well.
|
||||
If you have never used IRC before, we urge you to test it out before
|
||||
Monday. Neither Patrick nor Neale will be available to provide assistance
|
||||
connecting to IRC after the course begins: please familiarize yourself
|
||||
with IRC before Monday.
|
||||
|
||||
If you are on LANL's collab IRC server, you may join channel #tf5 right
|
||||
now; I am in the channel and would be happy to chat with you. The collab
|
||||
channel is unmoderated, you may ask questions right in the channel.
|
||||
You can skip the rest of the IRC sections.
|
||||
|
||||
If you are not on LANL's collab IRC server, or don't know what that means,
|
||||
you need to connect to the moderated channel on OFTC. You may install
|
||||
any IRC client you like--I use xchat--and tell it to connect to the OFTC
|
||||
network (irc.oftc.net).
|
||||
|
||||
If you can't connect to IRC with an installed client, you may have better
|
||||
luck with the web-based Mibbit (http://www.mibbit.com/). Remember to
|
||||
select the OFTC network, and to put # in front of channel names.
|
||||
|
||||
|
||||
|
||||
IRC Channels
|
||||
----------
|
||||
|
||||
There are two OFTC channel for the course: #tf5 and #netarch.
|
||||
|
||||
#tf5 is an unmoderated channel for all Tracer FIRE 5 participants.
|
||||
You may be able to get help from other people (not the instructors)
|
||||
in #tf5. You don't have to join #tf5, though: it's optional.
|
||||
|
||||
#netarch is the course channel, and is moderated. Questions must be
|
||||
sent to netarch-moderator, with your token. For example:
|
||||
|
||||
/msg netarch-moderator TOKEN How do I start a Python shell?
|
||||
|
||||
netarch-moderator will reply saying it has put your question in the queue,
|
||||
and it will send your question to #netarch when the instructors are ready.
|
||||
|
||||
If you provide an invalid token, or don't provide a token at all, the
|
||||
moderator will not respond.
|
||||
|
||||
|
||||
|
||||
Testing your IRC connection
|
||||
----------------------
|
||||
|
||||
I implore you to connect to IRC right now, join #netarch, and make sure
|
||||
you understand how to send messages to the moderator. You can verify
|
||||
that the moderator sees your token by typing:
|
||||
|
||||
/msg netarch-moderator TOKEN test
|
||||
|
||||
|
||||
|
||||
Where to go for technical support
|
||||
--------------------------
|
||||
|
||||
Due to the number of participants we have this year, we will not be able
|
||||
to provide any technical support outside of helping you work through labs.
|
||||
There will be people in the #tf5 IRC channel who may be willing to assist
|
||||
you if you ask nicely.
|
||||
|
||||
For this reason, it is very important that you have figured out how to
|
||||
connect to IRC before Monday. There are many resources on the Internet
|
||||
to help you with this.
|
||||
|
||||
A few of you will be unable to connect to IRC, even after going over
|
||||
the instructions in this email carefully. I apologize in advance for
|
||||
being unable to help you get connected during the course.
|
||||
|
||||
|
||||
|
||||
About your Instructors
|
||||
------------------
|
||||
|
||||
Neale Pickett, Los Alamos National Laboratory
|
||||
Neale created the network archaeology toolkit for python, and is
|
||||
the principal organizer of Tracer FIRE. He has been involved in
|
||||
several high-profile incident response efforts across DOE/NNSA
|
||||
since 2005, and has been teaching this course since 2010.
|
||||
|
||||
Patrick Avery, Pantex Plant
|
||||
Patrick, a former and current student of Neale, is one of the
|
||||
biggest advertisers of the network archaology toolkit -- singing
|
||||
its glory from the mountaintops. He has been involved in several
|
||||
high-profile incident response efforts across DOE/NNSA since
|
||||
2009 and has been assisting with this course since 2011.
|
||||
|
||||
The Tracer FIRE Registration and Moderation Fairies
|
||||
The Tracer FIRE Fairies are new in 2013. The Registration Fairy
|
||||
is sorry for sending so many emails, and the Moderation Fairy is
|
||||
sorry you lost your token (which is TOKEN).
|
Loading…
Reference in New Issue