Tuesday, November 4

Why is your Blog named Finshake?

Someone wrote in and asked me why I named my blog “Finshake”. Well..

Finshake is an internal joke between me and the guys in VRT at Sourcefire. A while ago, I was an author on the “Snort IDS and IPS toolkit” book from Syngress. Well, with the rush to deadlines and things, there are several mistakes in the book. Okay, so there are a lot of mistakes made in the book...

Well, one of the biggest mistakes in the book actually happened in my chapter (Chapter 6). I was talking about TCP Session initiation and TCP Session tear down and how Snort interprets those. In the final book, I wanted pictures of the TCP Handshake for session initiation, and the TCP exchange for session tear down.

In my copy of the manuscript I simply indicated where the pictures should go:

I didn’t actually draw the pictures. I knew Syngress had the pictures from the 2.1 book, and I just asked them to use those.

So in my final proofread of the pdf that I got from the publisher:

The placeholder was there, but no picture. Oh well.

The picture was inserted later, and no one ever checked to see if the picture was right. 

So it’s become such a funny joke around the VRT, someone made the suggestion that I should rename my blog “Finshake”. (Since obviously, Session initiation does NOT take place with a “FIN” packet!?)


kpyke said...

Five-way finshake ftw :)
