(Nat64 & Static-IP)
Line 24: Line 24:
 
The following SSIDs are provided:
 
The following SSIDs are provided:
  
* '''30c3''' (802.1X (see below), 5Ghz)  
+
* '''30c3''' (WPA2 802.1X (see below), 5GHz)  
* '''30c3-legacy''' (802.1X (see below), 2.4Ghz)
+
* '''30c3-legacy''' (WPA2 802.1X (see below), 2.4GHz)
* '''30c3-open''' (open, 5Ghz)
+
* '''30c3-open''' (open, 5GHz)
* '''30c3-open-legacy''' (open, 2.4Ghz)
+
* '''30c3-open-legacy''' (open, 2.4GHz)
* '''spacenet''' (federated hacker authentication system, see https://spacefed.net/wiki/index.php/Spacenet)
+
* '''spacenet''' (federated hacker authentication system, see https://spacefed.net/wiki/index.php/30c3)
  
=== 802.1X, encryption ===
+
=== WPA2 802.1X, encryption ===
Due to popular demand (and with security in mind) we provide 802.1X. This will encrypt your traffic, preventing attackers from sniffing your data. Keep in mind that this won't protect you from other network attacks and you should still be aware that you are at a hacker conference!
+
Due to popular demand (and with security in mind) we provide WPA2 802.1X. This will encrypt your traffic, preventing attackers from sniffing your data. Keep in mind that this won't protect you from other network attacks and you should still be aware that you are at a hacker conference! Your link layer should be secure if you do certificate checking (see below).
  
You might think: "WTF!? Do I need to register a user and password blah, blah". Fortunately not. You can '''use any username/password combination to login''' (example: "user: fbhfbhiaf pass: bgufwbnkqo" is valid), because we don't care who logs in and who you are. We just want to encrypt your data.
+
You might think: "WTF!? Do I need to register a user and password blah, blah". Fortunately not. You can '''use any username/password combination using EAP-TTLS with PAP to login''' (example: "user: fbhfbhiaf pass: bgufwbnkqo" is valid), because we don't care who logs in and who you are. We just want to encrypt your data.
 +
 
 +
Users which use MSCHAPv2 (like Windows users with default 802.1X supplicant) should use a fixed username and password. You can use "30c3/30c3" or "guest/guest" as "username/password".
 +
 
 +
==== Client Settings ====
 +
SSID: 30c3 or 30c3-legacy
 +
Phase 1: EAP-TTLS or PEAP
 +
Phase 2: MSCHAPv2 or EAP-MSCHAPv2 or PAP
 +
 +
CN = eventradius.spacefed.net
 +
CA = StartCom
 +
Fingerprint = 88:4C:4F:41:C0:24:C8:53:87:10:1E:8F:90:22:F3:67:F2:B1:32:79
 +
 
 +
Make sure '''you check the certificate''' in order to know you are connecting to the correct network (you should check on both the CN and the CA). The certificate that is installed on the RADIUS server is same as for the local spacenet-service, it is signed by StartCom (aka StartSSL) of which the root-certificate should be pre-installed on most devices. Check [https://spacefed.net/wiki/index.php/30c3#Certificate here] to see more information about the certificate that is installed.
  
 
=== Services ===
 
=== Services ===
Last year we had separate SSIDs for additional services like Fixed-ip. This year we're using 802.1x to push your client it the correct vlan. User the following user/password combinations:
+
Last year we had separate SSID's for additional services like Fixed-IP. This year we're using WPA2 802.1X to push your client it the correct VLAN. The reason we are doing this is to keep the number of SSID's per wireless band to a minimum; this way we are saving airtime by not wasting it too much with 802.11 beacons/mgmt-frames. Use the following user/password combinations:
  
* fixip/fixip (for the fixed-ip vlan - get your static ip at the [[Static:NOC Helpdesk]])
+
* fixip/fixip (for the Fixed-IP VLAN - get your static IP at the [[Static:NOC Helpdesk]])
* nat64/nat64 (for the nat64 vlan)
+
* nat64/nat64 (for the nat64 VLAN)
 +
* 30c3/30c3 or guest/guest (for regular user VLAN - for devices that have correctly implemented MSCHAPv2, like Windows)
  
=== 2.4Ghz & 5Ghz ===
+
=== 2.4GHz & 5GHz ===
The 2.4Ghz spectrum is very limited. Previously we've tried to use the vendor implemented workarounds like band-steering and band-select to persuade clients to use 5Ghz. This might work in a controlled enterprise environment, but it doesn't work with 5000 hackers with 50 different operating systems.
+
The 2.4GHz spectrum is very limited. Previously we've tried to use the vendor implemented workarounds like band-steering and band-select to persuade clients to use 5GHz. This might work in a controlled enterprise environment, but it doesn't work with 5000 hackers with 50 different operating systems.
  
'''The default SSIDs are 5Ghz only.''' The "legacy" SSIDs are 2.4Ghz only. If your client supports both, don't use the *-legacy SSIDs. If you only see the legacy SSIDs, consider upgrading your device. '''We cannot guarantee that 2.4Ghz works.'''
+
'''The default SSIDs are 5GHz only.''' The "legacy" SSIDs are 2.4GHz only. If your client supports both, don't use the *-legacy SSIDs. If you only see the legacy SSIDs, consider upgrading your device. '''We cannot guarantee that 2.4GHz works.'''
  
 
=== Rules ===
 
=== Rules ===
 
To keep the wireless working for you, keep a few things in mind:
 
To keep the wireless working for you, keep a few things in mind:
  
* We're aware you can break the Wifi infrastructure. We're hoping that you won't and don't want to be chased by 5000 hackers through Hamburg.
+
* We're aware you can break the WiFi infrastructure. We're hoping that you won't and don't want to be chased by 5000 hackers through Hamburg.
 
* If you want to download terabytes of data, you might be better off connecting to the wired network
 
* If you want to download terabytes of data, you might be better off connecting to the wired network
* Don't set up any of your own access points. Wireless experimentation is only allowed in the hackcenter, 2.4Ghz at channel1 and 5Ghz at channel 36 (20Mhz!). When we find you, the AP is ours!
+
* Don't set up any of your own access points. Wireless experimentation is only allowed in the hackcenter, 2.4GHz at channel 1 (2412MHz, 20MHz channel) and 5GHz at channel 36 (5180MHz, 20MHz channel). When we find you, the AP is ours!
  
 
== Helpdesk ==
 
== Helpdesk ==

Revision as of 15:18, 21 December 2013

There will be a network! Available in both wired and wireless flavours Be sure to read the Survival Guide before connecting your devices.

(more to come)


Rules of Conduct

  • Be fair! Do not do to others what you do not wish done to yourself!
  • Protect your computer! We cannot be held responsible for any damage your computer may face due to attachment to our network. Be reminded that both internet access and the local network are unfirewalled and unfiltered. Even well-maintained systems can be attacked and get hacked, even more so at a hacker event.
  • Do not run your own DHCP server! Doing so is harmful. We will detect, locate and disconnect you.
  • Do not send IPv6 Router Advertisements! Again, we will detect, locate and disconnect you.
  • Do not ARP spoof or otherwise impede the operation of the network! We are quite able to find and disconnect you, if necessary.
  • Think twice before you do something that affects others! If you hack someone, you might be prosecuted. Be aware that we cannot prevent law enforcement from acting within or related to our network.

Wireless

You can't live without wireless access, so we've built an awesome wireless network again. The setup is improved from last year:

CCC SSIDs

The following SSIDs are provided:

  • 30c3 (WPA2 802.1X (see below), 5GHz)
  • 30c3-legacy (WPA2 802.1X (see below), 2.4GHz)
  • 30c3-open (open, 5GHz)
  • 30c3-open-legacy (open, 2.4GHz)
  • spacenet (federated hacker authentication system, see https://spacefed.net/wiki/index.php/30c3)

WPA2 802.1X, encryption

Due to popular demand (and with security in mind) we provide WPA2 802.1X. This will encrypt your traffic, preventing attackers from sniffing your data. Keep in mind that this won't protect you from other network attacks and you should still be aware that you are at a hacker conference! Your link layer should be secure if you do certificate checking (see below).

You might think: "WTF!? Do I need to register a user and password blah, blah". Fortunately not. You can use any username/password combination using EAP-TTLS with PAP to login (example: "user: fbhfbhiaf pass: bgufwbnkqo" is valid), because we don't care who logs in and who you are. We just want to encrypt your data.

Users which use MSCHAPv2 (like Windows users with default 802.1X supplicant) should use a fixed username and password. You can use "30c3/30c3" or "guest/guest" as "username/password".

Client Settings

SSID: 30c3 or 30c3-legacy
Phase 1: EAP-TTLS or PEAP
Phase 2: MSCHAPv2 or EAP-MSCHAPv2 or PAP

CN = eventradius.spacefed.net
CA = StartCom
Fingerprint = 88:4C:4F:41:C0:24:C8:53:87:10:1E:8F:90:22:F3:67:F2:B1:32:79

Make sure you check the certificate in order to know you are connecting to the correct network (you should check on both the CN and the CA). The certificate that is installed on the RADIUS server is same as for the local spacenet-service, it is signed by StartCom (aka StartSSL) of which the root-certificate should be pre-installed on most devices. Check here to see more information about the certificate that is installed.

Services

Last year we had separate SSID's for additional services like Fixed-IP. This year we're using WPA2 802.1X to push your client it the correct VLAN. The reason we are doing this is to keep the number of SSID's per wireless band to a minimum; this way we are saving airtime by not wasting it too much with 802.11 beacons/mgmt-frames. Use the following user/password combinations:

  • fixip/fixip (for the Fixed-IP VLAN - get your static IP at the NOC Helpdesk)
  • nat64/nat64 (for the nat64 VLAN)
  • 30c3/30c3 or guest/guest (for regular user VLAN - for devices that have correctly implemented MSCHAPv2, like Windows)

2.4GHz & 5GHz

The 2.4GHz spectrum is very limited. Previously we've tried to use the vendor implemented workarounds like band-steering and band-select to persuade clients to use 5GHz. This might work in a controlled enterprise environment, but it doesn't work with 5000 hackers with 50 different operating systems.

The default SSIDs are 5GHz only. The "legacy" SSIDs are 2.4GHz only. If your client supports both, don't use the *-legacy SSIDs. If you only see the legacy SSIDs, consider upgrading your device. We cannot guarantee that 2.4GHz works.

Rules

To keep the wireless working for you, keep a few things in mind:

  • We're aware you can break the WiFi infrastructure. We're hoping that you won't and don't want to be chased by 5000 hackers through Hamburg.
  • If you want to download terabytes of data, you might be better off connecting to the wired network
  • Don't set up any of your own access points. Wireless experimentation is only allowed in the hackcenter, 2.4GHz at channel 1 (2412MHz, 20MHz channel) and 5GHz at channel 36 (5180MHz, 20MHz channel). When we find you, the AP is ours!

Helpdesk

If you have questions about the network or need help connecting or want to drop off a server for collocation during the event, drop by the friendly people of the NOC Helpdesk, located near the Infodesk in the Main Foyer.

DNS64

The world supply of IPv4 addresses is nearing depletion. To get used to the future and gain some experience with how it may soon feel, ports 1-4 on each switch function as "DNS64", one of many transition strategies from IPv4 to IPv6. Your operating system will need to support native IPv6 and DHCPv6, or configure this IPv6 address as nameserver: 2001:67c:20a1:2251::53

Please report your experiences with this in the Talk page.

Supporters

This is a list of companies providing network hardware and connectivity services. The event would not have been possible without their support (and a few unlisted), and we thank them for it.

Who For
Supporter-a10 logo-sm.jpg http://www.a10networks.com/ A10 hardware loan from BMA Networks
Supporter-atrato.jpeg http://www.atrato-ip.com IP Uplink
Supporter-babiel.jpg http://www.babiel.com/ Servers
Supporter-flexoptix.jpeg http://www.flexoptix.net Optical Networking Equipment
Supporter-ghip.jpeg http://www.ghipsystems.com/ Optical Networking Equipment
Supporter-iphh.gif http://www.iphh.net/ Colocation / Logistics
Supporter-Juniper.gif http://www.juniper.net/ Network Equipment
Supporter-kaia.png http://www.kaiaglobal.com/ IP Uplink
Supporter-kpn.jpeg http://www.kpn-international.com IP Uplink
Supporter-Ruckus.png http://www.ruckuswireless.com Wifi Network Equipment
Supporter-rrbone.png https://www.rrbone.net/ IP Uplink