Difference between revisions of "Static:Network"

From 34C3_Wiki
m (1 revision imported)
 
(27 intermediate revisions by 5 users not shown)
Line 9: Line 9:
 
== Rules of Conduct ==
 
== Rules of Conduct ==
  
โˆ’
* Be fair! Do not do to others what you do not wish done to yourself!
+
* Be fair! Do not do to others what you do not wish done to yourself! ๐ŸŒˆ
 
* [[Static:How_To_Survive|Protect your computer]]! We cannot be held responsible for any damage your computer may face due to attachment to our network. Be reminded that both internet access and the local network are unfirewalled and unfiltered. Even well-maintained systems can be attacked and get hacked, even more so at a hacker event.
 
* [[Static:How_To_Survive|Protect your computer]]! We cannot be held responsible for any damage your computer may face due to attachment to our network. Be reminded that both internet access and the local network are unfirewalled and unfiltered. Even well-maintained systems can be attacked and get hacked, even more so at a hacker event.
 
* Do not run your own DHCP server! Doing so is harmful.
 
* Do not run your own DHCP server! Doing so is harmful.
Line 15: Line 15:
 
* Do not ARP spoof or otherwise impede the operation of the network!
 
* Do not ARP spoof or otherwise impede the operation of the network!
 
* While we are generally quite able to find and disconnect you in case of network misuse if necessary, we still prefer to not have to do so and that everybody respects the other visitors.
 
* While we are generally quite able to find and disconnect you in case of network misuse if necessary, we still prefer to not have to do so and that everybody respects the other visitors.
โˆ’
* Think twice before you do something that affects others! If you hack someone, you might be prosecuted. Be aware that we cannot prevent law enforcement from acting within or related to our network.
+
* Think twice before you do something that affects others! If you hack someone, you might be prosecuted. Be aware that we cannot prevent law enforcement from acting within or related to our network. ๐Ÿ‘ฎ๐Ÿšจ๐Ÿš”
  
โˆ’
== Wireless ==
+
== Wired ใ€ฐ๏ธ ==
โˆ’
You can't live without wireless access, so we've built an awesome wireless network again. The setup is improved from last year:
+
* On many tables and in the rooms you can connect via RJ-45 to the wired network.
 +
* Most ports provide Gigabit Ethernet.
 +
* Bring a '''15m-20m''' cable for each device you want to connect.
 +
* Optionally, bring & connect a small ethernet switch when connecting multiple devices.
 +
 
 +
== Wireless ๐Ÿ“ถ ==
 +
You can't live without wireless access, so we've built an awesome wireless network again.
 +
 
 +
๐Ÿค” TL;DR, use our '''easy setup tools''' for [[Static:Network/802.1X client settings#Android|Android]] [[Static:Network/802.1X client settings#Apple|Apple]] or [[Static:Network/802.1X client settings#Windows|Windows]] for secure wifi connectivity.
  
 
=== CCC SSIDs ===
 
=== CCC SSIDs ===
 
The following SSIDs are provided:
 
The following SSIDs are provided:
  
โˆ’
* '''{{XC3}}''' (WPA2 802.1X (see below), 5GHz)  
+
* '''{{XC3}}''' (WPA2 802.1X (see below), 5GHz) โœ… c3noc recommended โœ…
 
* '''{{XC3}}-legacy''' (WPA2 802.1X (see below), 2.4GHz)
 
* '''{{XC3}}-legacy''' (WPA2 802.1X (see below), 2.4GHz)
โˆ’
* '''{{XC3}}-open''' (open, 5GHz)
+
* '''{{XC3}}-insecure''' (open, 2.4GHz+5GHz)
โˆ’
* '''{{XC3}}-open-legacy''' (open, 2.4GHz)
 
 
* '''spacenet''' (federated hacker authentication system, WPA2 802.1X, 5GHz)
 
* '''spacenet''' (federated hacker authentication system, WPA2 802.1X, 5GHz)
โˆ’
* '''{{XC3}}-PSK''' (WPA2 PSK, shared private SSID for 33C3 teams/projects using non-802.1X capable devices, 2.4GHz)
 
  
 
=== WPA2 802.1X, encryption ===
 
=== WPA2 802.1X, encryption ===
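Review bot: Dropping the '''{{XC3}}-PSK''' entry from the SSID list leaves devices that cannot do 802.1X with only '''{{XC3}}-insecure''', and the list does not say so. The removed line named "non-802.1X capable devices" as its audience, so add a short remark on the {{XC3}}-insecure item that it is now the fallback for those devices and is unencrypted. Separately, the new TL;DR line runs the Android and Apple links together without a comma.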
Line 54: Line 60:
 
  CN = radius.c3noc.net
 
  CN = radius.c3noc.net
 
  CA = DST Root CA X3
 
  CA = DST Root CA X3
โˆ’
  SHA256 Fingerprint = 4F:96:E5:AD:0B:D1:20:B7:D9:5F:C0:EB:0E:63:68:3D:B2:2B:58:F7:CB:B4:FE:F2:9A:5A:79:8D:EC:35:03:74
+
  SHA256 Fingerprint = 35:FF:F9:D9:3E:AE:E7:9B:26:63:21:5C:91:DA:53:F0:A6:66:A5:44:84:26:98:C3:65:68:05:51:C1:7A:D3:BA
  
 
Make sure '''you check the certificate''' in order to know you are connecting to the correct network (you should check on both the CN and the CA). Check [[Static:Network/RADIUS_certificate|here]] for the complete certificate.
 
Make sure '''you check the certificate''' in order to know you are connecting to the correct network (you should check on both the CN and the CA). Check [[Static:Network/RADIUS_certificate|here]] for the complete certificate.
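Review bot: The replaced "SHA256 Fingerprint" line does not say which certificate it belongs to, the radius.c3noc.net server certificate or the DST Root CA X3 named on the line above it. Anyone pinning the value in a supplicant needs to know, so label it explicitly, for example "SHA256 Fingerprint (server certificate) = ..." if that is what it is. The paragraph that follows tells readers to check the CN and the CA but never mentions the fingerprint; a half sentence on what to compare it against would close that gap.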
Line 61: Line 67:
 
Previously there were separate SSID's available for additional services like Fixed-IP. This year we're using WPA2 802.1X to push your client in the correct VLAN. The reason we are doing this is to keep the number of SSID's per wireless band to a minimum; this way we are saving airtime by not wasting it too much with 802.11 beacons/mgmt-frames. Use the following user/password combinations:
 
Previously there were separate SSID's available for additional services like Fixed-IP. This year we're using WPA2 802.1X to push your client in the correct VLAN. The reason we are doing this is to keep the number of SSID's per wireless band to a minimum; this way we are saving airtime by not wasting it too much with 802.11 beacons/mgmt-frames. Use the following user/password combinations:
  
โˆ’
* nat64/nat64 (for the nat64 VLAN)
+
* fixip/fixip (fixed IP)
โˆ’
* fixip/fixip (fixed IP - to be confirmed)
+
* {{XC3}}/{{XC3}} or 34c3/34c3 or guest/guest (for regular user VLAN - for devices that have correctly implemented MSCHAPv2, like Windows)
โˆ’
* {{XC3}}/{{XC3}} or 33c3/33c3 or guest/guest (for regular user VLAN - for devices that have correctly implemented MSCHAPv2, like Windows)
+
* outboundonly/outboundonly (Experimental. Allows only outbound traffic; giving users basic protection and a way to save battery usage)
  
 
Please note the username AND password are case-sensitive.
 
Please note the username AND password are case-sensitive.
  
โˆ’
=== 2.4GHz & 5GHz ===
+
=== ๐Ÿ’ฉ2.4GHz & 5GHz ===
โˆ’
The 2.4GHz spectrum is very limited. Previously we've tried to use the vendor implemented workarounds like band-steering and band-select to persuade clients to use 5GHz. This might work in a controlled enterprise environment, but it doesn't work with 5000 hackers with 50 different operating systems.
+
The ๐Ÿ’ฉ2.4GHz spectrum is very limited. Previously we've tried to use the vendor implemented workarounds like band-steering and band-select to persuade clients to use 5GHz. This might work in a controlled enterprise environment, but it doesn't work with 15000 hackers with 50 different operating systems.
  
โˆ’
'''The default SSIDs are 5GHz only.''' The "legacy" SSIDs are 2.4GHz only. If your client supports both, don't use the *-legacy SSIDs. If you only see the legacy SSIDs, consider upgrading your device. '''We cannot guarantee that 2.4GHz works.'''
+
'''The SSID {{XC3}} is 5GHz only.''' The SSID {{XC3}}-legacy is 2.4GHz only. If your client supports both, don't use the {{XC3}}-legacy SSID. If you only see the {{XC3}}-legacy SSID, consider upgrading your device. '''We cannot guarantee that ๐Ÿ’ฉ2.4GHz works.'''
  
 
=== Rules ===
 
=== Rules ===
 
To keep the wireless working for you, keep a few things in mind:
 
To keep the wireless working for you, keep a few things in mind:
  
โˆ’
* We're aware you can break the WiFi infrastructure. We're hoping that you won't and don't want to be chased by 5000 hackers through Hamburg.
+
* We're aware you can break the WiFi infrastructure. We're hoping that you won't and don't want to be chased by 15000 hackers through Leipzig.
 
* If you want to download terabytes of data, you might be better off connecting to the wired network
 
* If you want to download terabytes of data, you might be better off connecting to the wired network
 
* Don't set up any of your own access points.
 
* Don't set up any of your own access points.
  
โˆ’
== Helpdesk ==
+
== Helpdesk ๐Ÿ†˜ ==
โˆ’
 
 
โˆ’
If you have questions about the network or need help connecting or want to drop off a server for collocation during the event, drop by the friendly people of the '''[[Static:NOC Helpdesk]]''', located near the [[Static:Infodesk]] in the Main Foyer.
 
โˆ’
 
 
โˆ’
== NAT64/DNS64 ==
 
  
โˆ’
Please see the [[Static:NAT64]] page for more details.
+
If you have questions about the network or need help connecting or want to drop off a server for collocation during the event, drop by the friendly people of the '''[[Static:NOC Helpdesk]]''', located on level +1 of the CCL near the elevators.
  
 
== Supporters ==
 
== Supporters ==
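Review bot: The regular-VLAN credentials line still hard-codes the lowercase year: this edit changes 33c3/33c3 to 34c3/34c3 by hand while the uppercase form already comes from {{XC3}}. The page states that username and password are case-sensitive, so a stale literal here hands readers a login that may not match; consider deriving it with {{lc:{{XC3}}}} so both forms follow the template. The same hunk removes the nat64/nat64 login and the NAT64/DNS64 section without a replacement pointer; if the service is gone this year, one sentence saying so would save helpdesk questions.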
Line 95: Line 97:
 
! For
 
! For
 
|--
 
|--
โˆ’
|-
 
โˆ’
| [[Image:Supporter-aruba-hpe.png|200px]]
 
โˆ’
| http://www.arubanetworks.com
 
โˆ’
| WiFi Network Equipment
 
 
|-
 
|-
 
| [[Image:Supporter-babiel.jpg|200px]]
 
| [[Image:Supporter-babiel.jpg|200px]]
Line 104: Line 102:
 
| Servers
 
| Servers
 
|-
 
|-
โˆ’
| [[Image:Supporter-corebeerbone.gif|200px]]
+
| [[Image:Supporter-corebackbone.png|200px]]
 
| http://www.core-backbone.de/
 
| http://www.core-backbone.de/
 
| IP Uplink
 
| IP Uplink
Line 111: Line 109:
 
| http://www.telekom.com/
 
| http://www.telekom.com/
 
| IP Uplink
 
| IP Uplink
 +
|-
 +
| [[Image:Supporter-eci.png|200px]]
 +
| http://www.ecitele.com/
 +
| Optical Transport Equipment
 
|-
 
|-
 
| [[Image:Supporter-ecix.png|200px]]
 
| [[Image:Supporter-ecix.png|200px]]
โˆ’
| https://www.ecix.net/
+
| https://www.ecix.net
 
| Peering Port
 
| Peering Port
 +
|-
 +
| [[Image:Supporter-enviatel.png|200px]]
 +
| https://www.enviatel.de/
 +
| Dark Fibre
 
|-
 
|-
 
| [[Image:Supporter-eventinfra.png|200px]]
 
| [[Image:Supporter-eventinfra.png|200px]]
 
| https://eventinfra.org
 
| https://eventinfra.org
 
| Network equipment loan
 
| Network equipment loan
 +
|-
 +
| [[Image:Supporter-exaring.png|200px]]
 +
| http://www.exaring.de/
 +
| Longhaul Wavelength
 
|-
 
|-
 
| [[Image:Supporter-flexoptix.jpeg|200px]]
 
| [[Image:Supporter-flexoptix.jpeg|200px]]
Line 124: Line 134:
 
| Optical Networking Equipment
 
| Optical Networking Equipment
 
|-
 
|-
โˆ’
<!--| [[Image:Supporter-ghip.png|200px]]
+
| [[Image:Supporter-gasline.jpg|200px]]
โˆ’
| https://ghipsystems.com
+
| http://gasline.de/
โˆ’
| Optical Networking Equipment-->
+
| Longhaul Wavelength
 
|-
 
|-
โˆ’
| [[Image:Iphhlogo_neu.png|200px]]
+
| [[Image:Supporter-globalways.png|200px]]
โˆ’
| http://www.iphh.net/
+
| http://globalways.net
โˆ’
| Colocation / Logistics
+
| Optical Transport Equipment
 +
|-
 +
| [[Image:Supporter-hlkomm.png|200px]]
 +
| http://www.hlkomm.de/
 +
| Dark Fibre
 +
|-
 +
| [[Image:Supporter-ipb.png|200px]]
 +
| http://www.ipb.de/
 +
| Colocation
 
|-
 
|-
 
| [[Image:Supporter-juniper.png|200px]]
 
| [[Image:Supporter-juniper.png|200px]]
Line 136: Line 154:
 
| Network Equipment
 
| Network Equipment
 
|-
 
|-
โˆ’
<!--| [[Image:Supporter-kaia.png|200px]]
+
| [[Image:Supporter-kpn.jpg|200px]]
โˆ’
| http://www.kaiaglobal.com/
+
| http://www.kpn-international.com/
 
| IP Uplink
 
| IP Uplink
 
|-
 
|-
โˆ’
-->
+
| [[Image:Supporter-lwlcom.png|200px]]
โˆ’
| [[Image:KPN_Logo.png|200px]]
+
| https://www.lwlcom.com/
โˆ’
| http://www.kpn-international.com
 
 
| IP Uplink
 
| IP Uplink
 
|-
 
|-
โˆ’
| [[Image:Supporter-lonap.png|200px]]
+
| [[Image:Supporter-proact.png|200px]]
โˆ’
| https://www.lonap.net/
+
| https://www.proact.de/
 
| Network Equipment
 
| Network Equipment
โˆ’
|-
 
โˆ’
| [[Image:Supporter-lwlcom.png|200px]]
 
โˆ’
| https://www.lwlcom.com/
 
โˆ’
| IP Uplink
 
 
|-
 
|-
 
| [[Image:Supporter-pylonone.png|200px]]
 
| [[Image:Supporter-pylonone.png|200px]]
Line 157: Line 170:
 
| WiFi Network Equipment
 
| WiFi Network Equipment
 
|-
 
|-
โˆ’
| [[Image:Supporter-servtec.gif|200px]]
+
| [[Image:Supporter-retn.png|200px]]
โˆ’
| http://www.servtec.de/
+
| http://retn.net/
โˆ’
| Dark fibre uplink
+
| IP Uplink
 
|-
 
|-
โˆ’
| [[Image:Supporter-teamix.png|200px]]
+
| [[Image:Supporter-speedbone.png|200px]]
โˆ’
| https://www.teamix.de/
+
| https://speedbone.de/
โˆ’
| Network Equipment
+
| Colocation
 +
|-
 +
| [[Image:Supporter-syseleven.png|200px]]
 +
| http://www.syseleven.de/
 +
| IP Uplink
 
|}
 
|}
  
 
== Twitter ==
 
== Twitter ==
 
The CCC NOC team has a Twitter account: [https://twitter.com/c3noc @c3noc]
 
The CCC NOC team has a Twitter account: [https://twitter.com/c3noc @c3noc]

Latest revision as of 13:42, 29 December 2017

There will be a network! Available in both wired and wireless flavours. Be sure to read the Survival Guide before connecting your devices.

Rules of Conduct

  • Be fair! Do not do to others what you do not wish done to yourself! 🌈
  • Protect your computer! We cannot be held responsible for any damage your computer may face due to attachment to our network. Be reminded that both internet access and the local network are unfirewalled and unfiltered. Even well-maintained systems can be attacked and get hacked, even more so at a hacker event.
  • Do not run your own DHCP server! Doing so is harmful.
  • Do not send IPv6 Router Advertisements.
  • Do not ARP spoof or otherwise impede the operation of the network!
  • While we are generally quite able to find and disconnect you in case of network misuse, we would still prefer not to have to, and we would like everybody to respect the other visitors.
  • Think twice before you do something that affects others! If you hack someone, you might be prosecuted. Be aware that we cannot prevent law enforcement from acting within or related to our network. 👮🚨🚔

Wired 〰️

  • On many tables and in the rooms you can connect via RJ-45 to the wired network.
  • Most ports provide Gigabit Ethernet.
  • Bring a 15m-20m cable for each device you want to connect.
  • Optionally, bring & connect a small ethernet switch when connecting multiple devices.

Wireless 📶

You can't live without wireless access, so we've built an awesome wireless network again.

🤔 TL;DR, use our easy setup tools for Android, Apple or Windows for secure wifi connectivity.

CCC SSIDs

The following SSIDs are provided:

  • 34C3 (WPA2 802.1X (see below), 5GHz) ✅ c3noc recommended ✅
  • 34C3-legacy (WPA2 802.1X (see below), 2.4GHz)
  • 34C3-insecure (open, 2.4GHz+5GHz)
  • spacenet (federated hacker authentication system, WPA2 802.1X, 5GHz)

WPA2 802.1X, encryption

Due to popular demand (and with security in mind) we provide WPA2 802.1X. This will encrypt your traffic, preventing attackers from sniffing your data. Keep in mind that this won't protect you from other network attacks and you should still be aware that you are at a hacker conference! Your link layer should be secure if you do certificate checking (see below).

You might think: "WTF!? Do I need to register a user and password blah, blah". Fortunately not. You can use any username/password combination using EAP-TTLS with PAP to log in (example: "user: fbhfbhiaf pass: bgufwbnkqo" is valid), because we don't care who logs in and who you are. We just want to encrypt your data.

Users who use MSCHAPv2 (such as Windows users with the default 802.1X supplicant) should use a fixed username and password. You can use "34C3/34C3" or "guest/guest" as "username/password".

Client Settings

Also see Static:Network/802.1X client settings for a list of OS-specific client settings.

SSID: 34C3 or 34C3-legacy

EAP-TTLS:

Phase 1: EAP-TTLS
Phase 2: PAP

PEAP:

Phase 1: PEAP
Phase 2: MSCHAPv2 or EAP-MSCHAPv2 or PAP

CN = radius.c3noc.net
CA = DST Root CA X3
SHA256 Fingerprint = 35:FF:F9:D9:3E:AE:E7:9B:26:63:21:5C:91:DA:53:F0:A6:66:A5:44:84:26:98:C3:65:68:05:51:C1:7A:D3:BA

Make sure you check the certificate in order to know you are connecting to the correct network (you should check both the CN and the CA). Check here for the complete certificate.
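
Added example (not part of the original wiki page or the NOC's published client settings): a wpa_supplicant network block for the EAP-TTLS/PAP settings above, with the unchecked form commented out beside a form that enforces the CA and the server name. The CA file path and the identity/password strings are assumptions, and since the page does not say which certificate the fingerprint belongs to, the optional pinning line assumes it is the server certificate's.

```conf
# wpa_supplicant.conf -- added example, not the NOC's own configuration.

# Unchecked form: no ca_cert, so the supplicant accepts whatever certificate
# the RADIUS side presents. Nothing ties the SSID "34C3" to radius.c3noc.net,
# and the link-layer encryption then protects you against nobody in particular.
#network={
#    ssid="34C3"
#    key_mgmt=WPA-EAP
#    eap=TTLS
#    phase2="auth=PAP"
#    identity="fbhfbhiaf"
#    password="bgufwbnkqo"
#}

# Checked form: the chain must end at the stated CA (DST Root CA X3) and the
# server certificate must carry the stated name (CN = radius.c3noc.net).
network={
    ssid="34C3"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=PAP"

    # Any username/password works with EAP-TTLS + PAP (see text above).
    # These strings are arbitrary.
    identity="fbhfbhiaf"
    password="bgufwbnkqo"

    # Assumption: path where this system stores the DST Root CA X3 PEM file.
    ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"

    # Matched against the certificate's dNSName entries, falling back to the
    # subject CN when the certificate has no dNSName.
    domain_suffix_match="radius.c3noc.net"

    # Alternative to the ca_cert line above: pin the certificate by its
    # SHA-256 hash instead of validating the chain.
    # Assumption: the fingerprint on this page is that of the server
    # certificate (hex digits only, colons removed).
    #ca_cert="hash://server/sha256/35FFF9D93EAEE79B2663215C91DA53F0A666A544842698C365680551C17AD3BA"
}
```

With the checked form, a certificate mismatch makes the association fail instead of silently connecting, which is the behaviour you want on this network.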

Services / VLANs

Previously there were separate SSIDs available for additional services like Fixed-IP. This year we're using WPA2 802.1X to push your client into the correct VLAN. The reason we are doing this is to keep the number of SSIDs per wireless band to a minimum; this way we save airtime by wasting less of it on 802.11 beacons and management frames. Use the following user/password combinations:

  • fixip/fixip (fixed IP)
  • 34C3/34C3 or 34c3/34c3 or guest/guest (for regular user VLAN - for devices that have correctly implemented MSCHAPv2, like Windows)
  • outboundonly/outboundonly (Experimental. Allows only outbound traffic, giving users basic protection and a way to save battery)

Please note the username AND password are case-sensitive.

💩2.4GHz & 5GHz

The 💩2.4GHz spectrum is very limited. Previously we've tried to use the vendor-implemented workarounds like band-steering and band-select to persuade clients to use 5GHz. This might work in a controlled enterprise environment, but it doesn't work with 15000 hackers with 50 different operating systems.

The SSID 34C3 is 5GHz only. The SSID 34C3-legacy is 2.4GHz only. If your client supports both, don't use the 34C3-legacy SSID. If you only see the 34C3-legacy SSID, consider upgrading your device. We cannot guarantee that 💩2.4GHz works.

Rules

To keep the wireless working for you, keep a few things in mind:

  • We're aware you can break the WiFi infrastructure. We're hoping that you won't and don't want to be chased by 15000 hackers through Leipzig.
  • If you want to download terabytes of data, you might be better off connecting to the wired network.
  • Don't set up any of your own access points.

Helpdesk 🆘

If you have questions about the network, need help connecting, or want to drop off a server for colocation during the event, drop by the friendly people of the Static:NOC Helpdesk, located on level +1 of the CCL near the elevators.

Supporters

This is a list of companies providing network hardware and connectivity services. The event would not have been possible without their support (and a few unlisted), and we thank them for it.

Who For
Supporter-babiel.jpg http://www.babiel.com/ Servers
Supporter-corebackbone.png http://www.core-backbone.de/ IP Uplink
Supporter-dtag.png http://www.telekom.com/ IP Uplink
Supporter-eci.png http://www.ecitele.com/ Optical Transport Equipment
Supporter-ecix.png https://www.ecix.net Peering Port
Supporter-enviatel.png https://www.enviatel.de/ Dark Fibre
Supporter-eventinfra.png https://eventinfra.org Network equipment loan
Supporter-exaring.png http://www.exaring.de/ Longhaul Wavelength
Supporter-flexoptix.jpeg http://www.flexoptix.net Optical Networking Equipment
Supporter-gasline.jpg http://gasline.de/ Longhaul Wavelength
Supporter-globalways.png http://globalways.net Optical Transport Equipment
Supporter-hlkomm.png http://www.hlkomm.de/ Dark Fibre
Supporter-ipb.png http://www.ipb.de/ Colocation
Supporter-juniper.png https://www.juniper.net/ Network Equipment
Supporter-kpn.jpg http://www.kpn-international.com/ IP Uplink
Supporter-lwlcom.png https://www.lwlcom.com/ IP Uplink
Supporter-proact.png https://www.proact.de/ Network Equipment
Supporter-pylonone.png http://www.pylonone.com/ WiFi Network Equipment
Supporter-retn.png http://retn.net/ IP Uplink
Supporter-speedbone.png https://speedbone.de/ Colocation
Supporter-syseleven.png http://www.syseleven.de/ IP Uplink

Twitter

The CCC NOC team has a Twitter account: @c3noc