DefconNetworking.org: Home

Navigation

 
I'll definitely have a follow-up post later on, something more "personal" given my retirement, etc. It's a really emotional thing for me. I've certainly have had an amazing year, well, 17 years! I'll say more about that later.

Meanwhile, here are the slides from closing ceremonies: DC20 Network Closing (PDF 3MB)

I hope everyone enjoyed this 20th Anniversary Edition of DEF CON. There will never be anything else like it!

HAPPY SUNDAY MORNING!
Oh, sorry, are you hung over?
At least you're not alone!

Half the Network team is up & moving at least.

Here's your morning bandwidth graph!
20120729-net-2012-07-29-0845.png

The DC20-MEDIA file server is connected via dual 1Gb LACP trunk (2Gbps capability). It's been BUSY today! Good job!

20120728-media-2012-07-28-1828.png

Upload content to share with other con attendees (needless to say, you may want to trust content hosted by DEF CON more than random stuff shared by con attendees).

NETDrive (http://www.netdrive.net/download.html) is windows software that will allow you to easily map a drive via WebDav.
This software was also provided for you on the DC20 Conference CD.

Note:
NetDrive Settings:

Site Name: dc20-media.defcon.org
Site IP: 10.0.0.32
Port: 21
Server Type: FTP
Drive: "select a drive letter"
Account: connect as anonymous
(if you don't select anonymous, it will prompt you for a login; that means you're doing it wrong)

Under Advanced: force SSL for all communications.

Good Morning! It's amazing what just a couple hours sleep will do for you :)

We hope everyone had a great DEF CON 20 Friday night. Great turn out at all the parties, with some great entertainment (DJ's, bands, etc). Too many for any one person to see all of them (kind of like Disneyland, right?)

Everyone's going to be asking about DCTV - right, let's get on with that. Several of us were up late (me, Mac, Richard) working on ideas to get things fixed & back to working order. I think we finalized on Plan Echo(E). We still have Plan Foxtrot(F) in our back pocket. What was wrong? Combination of things. Primary issue was a codec that was mostly-standard, but slightly not. Couple that with newer versions of software that didn't handle the "slightly not" part right. We found the right combination of software and command-line flags, and at 12:30am last night declared (very quietly, so we didn't jinx it) victory - at least with our proof-of-concept we setup in the NOC. We'll re-deploy equipment in a few minutes and verify our hypothesis in production!

Again, we apologize that things weren't running well yesterday. This has been our #1 priority to resolve since yesterday morning and appreciate your patience. (I know I sound calm now, but I was such a stress-ball last night!!).

Other than that, we are having a lot of people using wifi, and great traffic. I think we're going to have to upgrade next year. Our controller is running out of memory throughout the day. Rukbat has been amazingly diligent at sitting quietly in the NOC, all day long, clearing memory, keeping it running as best he can. Can't say enough good things about Rukbat, seriously - I should do an entire post about this guy! He's bloody incredible! But meanwhile, if you do see intermittent loss of connectivity, either wait a minute or two (I know, patience is hard when you're trying to pull up a webpage with someone standing next to you waiting on it) - or email us (noc-at-defconnetworking-dot-org) and let us know. A couple people did yesterday, it's helpful, so thank you guys.

Looks like all afternoon ya'll were using some massive bandwidth. Here, have a look...
20120728-net-2012-07-28-0800.png

We discovered the "lost checkbox" that needed to be un-checked. Now FTP clients can connect, get directory listings, etc.
The issue was mostly on Windows clients.
You should be all set now
So...LEECH!

...and contribute if you have anything!

From a gentlemen who figured out his LINUX problems with the DefConSecure WiFi - we wanted to pass this along.

"RESOLVED have to add .cer to /usr/local/share/ca-certificates and run
sudo update-ca-certificates
OpenSSL must be aware of the CA cer or validation fails"

Hope this helps!

90Mbps!

20120727-net-2012-07-27-1440.png

Happy Opening Morning!!

We're finalizing the video feeds for DCTV. We have guys up in the CATV head-end in the hotel working to get signal across the property properly. Our apologizes the delay (wouldn't be DEF CON without some small snafu eh?). We're working as fast as possible and will let you know when it's live. (Also check @TheLockheed on Twitter, I'll post updates there, too)

**UPDATED**
DCTV will be broadcast to Guest Room TV Channels 55-59:
Track 1 - Ch 55
Track 2 - Ch 56
Track 3 - Ch 57
Track 4 - Ch 58
Track 5 - Ch 59


Have a great DEF CON 20!!

20120726-net-2012-07-25-2015.png

The way SSL certs are being signed has changed. In the past, a Root CA signed SSL certs directly. Now (as of this year), allegedly the industry (at least SecureTrust/TrustWave) now have a Root CA sign an Intermediate Chain Cert, which in turn signs all down-stream SSL certs.

What's that mean to you?
Windows machines doing 802.1x try to validate the SSL certificate by default. For that to happen, they have to know about the chain cert that signed the server's SSL cert.

Windows OS's don't know about the new chain cert. So you'll have to import it.
You can grab the cert from https://wifireg.defcon.org/ca.php
Download the "wifireg.cer" file - double-click, import it.
From that point, you can "validate" the cert and proceed.

(Your other option is to opt not to validate, and the login process will proceed as if you used a self-signed cert).

We've been testing this the last couple hours and believe this is currently what many people are seeing (and what we see in our logs).
Try this - if it doesn't work, let us know and we'll dig into it further.

We're noticing some people having problems with the TrustWave-signed certificate for 802.1x on DefConSecure WiFi.
We'll have more on this shortly, with an updated cert-chain file to import (if you don't already have it).

Reminder, to create your login for DefConSecure wifi, go to https://wifireg.defcon.org/

It's so broke even the "we're down" page is broke!

20120726-twitter-2012-07-26-0935.png

The lines! OMG! THE LINES!
The reg line backed up to the casino, then out to the pool. Holy crimeny!
But luckily the line is moving and everything seems kosher. Thanks for everyone's patience!

Network is going great so far. People are active, no complaints so far.
If you have issues/questions, don't hesitate to drop us a line (noc-at-defconnetworking-dot-org).

Today we're mostly helping vendors & contest teams get all setup, connected, etc.
We worked with the Network Ninja's last night (mostly Mac & Rukbat, two of our miracle workers) to get some cool stuff setup for them!

Twas the night before DEF CON ... and all throughout the house... there was a heatmap.
Here is the "heat map" for early arrivals (ok, mostly staff) using DEFCON-SECURE wireless so far.

20120726-heatmap-2012-07-25-2241.png

The Wifiz are good. We have 405 people pre-reg'd for DefConSecure WiFi. Doolittle has been streaming music all morning.

We've been working to stress the bandwidth (100Mb capacity). We've hit 41Mb last night with Torrents.

Today we're patching the hard-lines for everyone. Doing a Fry's run shortly :)

Mac setup Splunk so we're logging what we can; hope to have some interesting stats for closing ceremonies!

Contests, Events, and staff groups are in & arriving - we're helping them get everything setup.
You're going to really like what the Ninja's have going for you guys today!
CTF already had their music pumping through the night.

Are you ready?

Guess what this is?

20120724-map-2012-07-24-1930.jpg

The NOC team just walked the entire space. Things are looking good.

Fridges are stocked.

Chill-out area and Rio Pavilion has a couple AP's down - someone probably typed "shut" instead of "no shut" :)

Fry's run soon.

Things are going well.
Very well.
Core is up.
Internet is pwn3d.
Wifi is up.
Secure wifi is secured.

Don't jinx it.
Srsly.

https://wifireg.defcon.org/

You can now pre-register your secure wifi login name/password for DEF CON 20. We are up & open for business!

DEF CON NOC is live. Oh, YOU want network access, too? Ok, we'll keep working on that.
20120723-imag04362.jpg

Officially posted from the DEF CON 20 NOC!

Setup proceeding a-pace. Cross your fingers! :)

The DEF CON 20 Network Team is at the Rio. Setup begins far too bright & early tomorrow. Let's do this!!

Mac has the "core" setup & ready to go.

20120719-dc20-presetup.jpg

Friday the 13th.
DEF CON is sneaking up on us.
The NOC team heads to Vegas in a week. Seriously, already?!

We've rebuilt some of the infrastructure on new equipment this year. Kept a lot of things the same - it's going to be a BIG year for DEF CON, so we want to do all we can to make sure everything works the first time!

Once we get on-site, get the core infrastructure up, we'll let you know that we're opening up wifi login registration.
(ok, you happy @SteveL_UK? :).

We're starting with 100Mb to the Internet - with another 100Mb on stand-by.

We've also got some new guys on the team this year; we'll see if they (or their livers) survive!

Hit us us via email, or me via twitter (@TheLockheed) with questions.

While the other DEF CON 20 teams, speakers, contests, etc all gear up to make this year a massive blow-out year - we're actually trying to keep it simple. That's our "secret" to making the network happen. Don't over complicate things. So as much as possible, this year's network will look like last year, with tweaks & improvement here & there. We're probably going to upgrade/swap out some switches, but largely only because some newer stuff is available to us this year - and we'll (almost never) turn down free upgrades :)

We're finalizing WiFi AP placement now (should have that done this week). We're talking about how much bandwidth we can get from the Rio this year. (How much is "too much"? :).

The DC20 network will still support IPv6. We'll be curious if it gets more use this year over last year.

You know how there's a DefCon File server on the network for you to upload/download files from? In honoring our past, we're talking about setting up a "Retro LAN table" - remember the days before there was WiFi and we all came to DEF CON and plugged into a wall jack, setup a switch, and let the people around us share that switch (or hub!)? We may setup something where you can plug in, trade filez with the file server, etc. Don't camp, though, share the space please.

We have new folks helping with DCTV'; they've been working hard to improve signal quality so we can get the best possible signal up to the Rio CATV system for hand-off (even though most of the hotel rooms are still equipped with SD CRT's).

If you're talking at DEF CON 20, throwing a contest, a party, something that requires a network connection or special request, don't forget to let your specified Goon point-of-contact know. If you're not sure, you can always email me (noc -at- defconnetworking dot org) and I'll help you out.

Oh to hell with it...Merry Christmas! :) We hope all of you had a wonderful Christmas, a great Hanukkah, and generally enjoyed the holidays! 2012 is the year the Mayans predicted the world would end - and is also coincidentally the 20th anniversary of DefCon. We've been doing some early planning already to ensure that DefCon20 is the biggest, baddest, most exciting DefCon EVER!

We hope everyone had a very Happy New Years - be safe in whatever activities you chose to indulge in (or at least don't get caught!).

Effffn has suggested a new network metric - HC's per second (hcps). It's a bit of an inside joke (that you can never erase from your mind once you've been exposed) - but suffice it to say instead of a generic "megabits per second" it's taking a known entity as a frame of reference. A video for example. Think "Rebecca Black's per second." There may be something to do this...!

Happy New Years and see you at DefCon 20!