Advice for the beginner

[Kev]

A long, long time ago in a far away galaxy script kiddies were people who couldn’t write their own programs and had to use other  peoples programs.  Now with the complexity of everything, I don’t know of a hacker that doesn’t use a program or exploit that someone else has written at least on some occasion. So I guess that makes us all script kiddies on some level. Today I believe that term is used more for people that use programs or exploits that they have no clue at all as to how it works.  Go to the Defcon event in Vegas and you will run into a lot of teenagers that don’t know  what a port is really. They know its something that should be open and that’s about it. That’s not to say there are some very knowledgeable people there, but they do have their fair share of script kiddies. 
  My advice to anyone just getting into all this is, learn TCP/IP. I mean really learn it very well. Don’t just memorize the stack protocols but see if you can actually visualize the entire process in your mind’s eye. Understand how the software works with the hardware to move a frame and how all this works together in a network.  This will pay off dividends later when working with tools, etc...  Even a book like TCP/IP for Dummies is really not a bad place to start, but dont  let it end there.  This would be my basic advice to a beginner and I promise they will not be disappointed later down the road.

[don]

I agree and apparently so do the authors of books on the topic. Both Ed Skoudis' book Counter Hack Reloaded and Michael Gregg's book CEH: Exam Prep both have in depth coverage of TCP/IP. In fact, you can read that specific chapter of Gregg's book here on this site by clicking the title link.

Your suggestion of being able to visualize the packet flow is a great one. Did you get a chance to look at the animation video I posted on the travles of a packet named Warriors of the Net?

Whether it is looking at Snort or firewall logs to figure out what has happened, doing real time analysis using Wireshark or scanning using Nmap, a good understanding of TCP/IP is crucial.

Don

PS - Hey Kev, you're making a nice push for the Free Monthly Giveaway. Keep up the good work.

[Kev]

Hey thanks.  Yes, a friend sent that to me a while back and that’s a great little animation. Everyone should take a few moments and watch it

[LSOChris]

being able to fix the broken exploit code (or code in genreal) people post on the net is good skill to have. if you are waiting for other people to create the .exe for you, you will be well behind the bad guys...

[Kev]

 Yes being able to repair the exploit code posted on the net is an important skill. Some people post code with intentional errors to mess up script kiddies. Those errors are usually small ones like a missing } or something commented out that should not be.

[nebu10uz]

I always advice newbies to first read TCP/IP JumpStart: Internet Protocol Basics by Andrew G. Blank. This book explains the basic in an understandable writing which also includes illustration. It's easier for novice to grasp the concept after reading this book. From there, then you should read a book thats more comprehensive and deep in to details of the protocols, such as what we IT professional consider the bible of TCP/IP, The Protocols (TCP/IP Illustrated, Volume 1)  by W. Richard Stevens. This book is a bit outdated and ones should also consider other resources with updated information, however this book explains the foundation of TCP/IP.

[jimbob]

TCP and IP seem to go hand in hand in most literature, does anyone know if there are texts teaching SCTP/IP or SCTP/IPv6? You never know, in the future this could be the book that gets recommended to newbs if SCTP ever catches on. I know squat about SCTP so any recommendations would be welcomed.

Jim