From e4608dc69eddefebf8f3fc2b029068e149ad1f04 Mon Sep 17 00:00:00 2001
From: Neale Pickett
Date: Thu, 31 Jan 2013 13:54:13 -0700
Subject: [PATCH] net-re class spam
---
doc/2013-02-TF5/class-spam.py | 18 ++++
doc/2013-02-TF5/netre-email.txt | 165 ++++++++++++++++++++++++++++++++
2 files changed, 183 insertions(+)
create mode 100755 doc/2013-02-TF5/class-spam.py
create mode 100644 doc/2013-02-TF5/netre-email.txt
diff --git a/doc/2013-02-TF5/class-spam.py b/doc/2013-02-TF5/class-spam.py
new file mode 100755
index 0000000..7a7b11f
--- /dev/null
+++ b/doc/2013-02-TF5/class-spam.py
@@ -0,0 +1,18 @@
+#! /usr/bin/python3
+
+import smtplib
+import sys
+
+smtpd = smtplib.SMTP("mail.lanl.gov")
+
+template = open("netre-email.txt").read()
+assert 'RCPT' in template
+assert 'TOKEN' in template
+
+for line in open("netarch-tokens.txt"):
+ email, token = line.strip().split()
+
+ print(email)
+ msg = template.replace("RCPT", email).replace("TOKEN", token)
+ smtpd.sendmail("neale@lanl.gov", [email], msg)
+ #print(msg)
diff --git a/doc/2013-02-TF5/netre-email.txt b/doc/2013-02-TF5/netre-email.txt
new file mode 100644
index 0000000..13dc0d0
--- /dev/null
+++ b/doc/2013-02-TF5/netre-email.txt
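Review bot: In class-spam.py the per-recipient tokens, which the template tells recipients to protect like a password, are submitted through `smtplib.SMTP("mail.lanl.gov")` with no `starttls()` call, so that hop is cleartext unless the relay enforces TLS itself. If the relay offers STARTTLS, call `smtpd.starttls()` before the first `sendmail`, ideally with a context from `ssl.create_default_context()` so the relay's certificate is verified. Separately, `email, token = line.strip().split()` raises ValueError on a blank or malformed line of netarch-tokens.txt after earlier recipients have already been mailed, and a rerun would then mail them a second time; parsing the whole file before sending avoids the partial run. The two `assert` checks on the template are skipped under `python3 -O`, so an explicit check ending in `sys.exit(...)` is safer and would also use the currently unused `import sys`.

```python
smtpd = smtplib.SMTP("mail.lanl.gov")
smtpd.starttls()  # assumes the relay offers STARTTLS; raises if it does not

# … unchanged: template load and placeholder checks …

# Parse every line first so a malformed entry aborts before any mail is sent.
recipients = []
with open("netarch-tokens.txt") as tokens:
    for lineno, line in enumerate(tokens, 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            sys.exit("netarch-tokens.txt:%d: expected 'email token'" % lineno)
        recipients.append(fields)

for email, token in recipients:
    # … unchanged: print, substitute RCPT/TOKEN, sendmail …
```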
@@ -0,0 +1,165 @@
+From: Neale Pickett
+To: RCPT
+Subject: Tracer FIRE: Network Archaeology Information
+
+Welcome to the Network Archaeology course!
+
+Your token is: TOKEN. Please write this down, but protect it as
+though it were a password.
+
+
+Summary
+--------
+
+* 8-11 AM and 1-4 PM (US/Mountain), Mon Feb 4 - Tue Feb 5
+* Get started at http://tf5.lanl.gov/netarch.html
+* Work at your own pace, using tutorial videos on YouTube
+* Connect to irc://irc.oftc.net/netarch for Q/A
+* Use you token (TOKEN) to ask questions and check lab answers
+
+IRC is going to be the biggest challenge for some participants. We urge
+you to connect to IRC and test the channel moderation bot before Monday,
+since we won't be able to help you get connected during the course.
+
+
+
+What to Expect
+------------
+
+Network Archaeology is a self-paced course, consisting of tutorial
+labs and video tutorials on YouTube. Instructors are available on IRC
+(Internet Relay Chat) to answer questions and provide help as you work
+through the labs at your own speed.
+
+When the course begins Monday morning at 8:00AM US/Mountain, log on to
+IRC, then check the web page at http://tf5.lanl.gov/netarch.html for links
+to the lab server, an introductory video, and tutorial videos on YouTube.
+
+After the first 8 labs, we expect you to figure out on your own
+how to approach and solve problems. We will update the page at
+http://tf5.lanl.gov/netarch.html with links to more tutorial videos to
+keep you from getting stuck, though.
+
+You will see questions and answers in the IRC channel. When you have
+a question of your own, message the moderator from your IRC client:
+
+ /msg netarch-moderator TOKEN What does = mean in base64?
+
+
+
+Course requirements
+----------------
+
+You need:
+
+* A laptop with Linux or MacOS (Linux preferred, inside a VM is fine)
+* Wireshark
+* tcpdump
+* tcpflow
+* gcc and make
+* python3
+* A plain text or code editor, such as gedit
+* An IRC client such as xchat or pidgin
+
+Please have all your software installed and ready to go when the course
+begins. We will not be available to help with software installation.
+
+
+
+Connecting to IRC
+--------------
+
+IRC is the technology used by NNSA's Tracer group for collaborative
+incident response, and it will soon be used by DOE's NSM group as well.
+If you have never used IRC before, we urge you to test it out before
+Monday. Neither Patrick nor Neale will be available to provide assistance
+connecting to IRC after the course begins: please familiarize yourself
+with IRC before Monday.
+
+If you are on LANL's collab IRC server, you may join channel #tf5 right
+now; I am in the channel and would be happy to chat with you. The collab
+channel is unmoderated, you may ask questions right in the channel.
+You can skip the rest of the IRC sections.
+
+If you are not on LANL's collab IRC server, or don't know what that means,
+you need to connect to the moderated channel on OFTC. You may install
+any IRC client you like--I use xchat--and tell it to connect to the OFTC
+network (irc.oftc.net).
+
+If you can't connect to IRC with an installed client, you may have better
+luck with the web-based Mibbit (http://www.mibbit.com/). Remember to
+select the OFTC network, and to put # in front of channel names.
+
+
+
+IRC Channels
+----------
+
+There are two OFTC channel for the course: #tf5 and #netarch.
+
+#tf5 is an unmoderated channel for all Tracer FIRE 5 participants.
+You may be able to get help from other people (not the instructors)
+in #tf5. You don't have to join #tf5, though: it's optional.
+
+#netarch is the course channel, and is moderated. Questions must be
+sent to netarch-moderator, with your token. For example:
+
+ /msg netarch-moderator TOKEN How do I start a Python shell?
+
+netarch-moderator will reply saying it has put your question in the queue,
+and it will send your question to #netarch when the instructors are ready.
+
+If you provide an invalid token, or don't provide a token at all, the
+moderator will not respond.
+
+
+
+Testing your IRC connection
+----------------------
+
+I implore you to connect to IRC right now, join #netarch, and make sure
+you understand how to send messages to the moderator. You can verify
+that the moderator sees your token by typing:
+
+ /msg netarch-moderator TOKEN test
+
+
+
+Where to go for technical support
+--------------------------
+
+Due to the number of participants we have this year, we will not be able
+to provide any technical support outside of helping you work through labs.
+There will be people in the #tf5 IRC channel who may be willing to assist
+you if you ask nicely.
+
+For this reason, it is very important that you have figured out how to
+connect to IRC before Monday. There are many resources on the Internet
+to help you with this.
+
+A few of you will be unable to connect to IRC, even after going over
+the instructions in this email carefully. I apologize in advance for
+being unable to help you get connected during the course.
+
+
+
+About your Instructors
+------------------
+
+ Neale Pickett, Los Alamos National Laboratory
+ Neale created the network archaeology toolkit for python, and is
+ the principal organizer of Tracer FIRE. He has been involved in
+ several high-profile incident response efforts across DOE/NNSA
+ since 2005, and has been teaching this course since 2010.
+
+ Patrick Avery, Pantex Plant
+ Patrick, a former and current student of Neale, is one of the
+ biggest advertisers of the network archaology toolkit -- singing
+ its glory from the mountaintops. He has been involved in several
+ high-profile incident response efforts across DOE/NNSA since
+ 2009 and has been assisting with this course since 2011.
+
+ The Tracer FIRE Registration and Moderation Fairies
+ The Tracer FIRE Fairies are new in 2013. The Registration Fairy
+ is sorry for sending so many emails, and the Moderation Fairy is
+ sorry you lost your token (which is TOKEN).