Luis MartinGarcia
Normal human being. Fascinated by the way things work. Hungry for learning. Fan of creative and complex projects. Five 9s good mood. Enjoys the sun, iced coffee and Ska music.
Normal human being. Fascinated by the way things work. Hungry for learning. Fan of creative and complex projects. Five 9s good mood. Enjoys the sun, iced coffee and Ska music.
Throughout my career I've had the privilege to work for great companies and do many interesting and rewarding things: software development, consultancy, network engineering, industry partnerships, and more. Currently, I am an Engineering Manager at Facebook,
supporting a team of highly talented individuals that I admire.
Here's a quick summary. For more details, please check my LinkedIn
profile.
Jun 2016 - Today
Engineering Manager
supporting a team of highly talented individuals where we
define and build new network and telecom infrastructure products
and build partnerships with vendors, operators and other players
in the networking industry to improve connectivity across
the globe and bring more people online, to a faster Internet.
Apr 2013 - Jun 2016
Networking Consulting Engineer for Cisco's
large Enterprise and Internet
Service Provider customers in the EMEAR region. Delivery of solutions and proactive
services as part of Cisco's Advanced
Services vertical, focused on Datacenter Networks, Automation and
Software-Defined Networking (SDN) technologies.
Jan 2012 - Apr 2013
Infrastructure Consultant for Microsoft's
large Enterprise customers in the Western Europe region.
Technical, customer-facing, consultancy role focused on the analysis, design
and deployment of solutions based on Microsoft's datacenter and security
tecnologies (Hyper-V, Windows Server, AD, Forefront, etc).
Summer 2009, 2010, 2011
Developer for the Nmap Security
Scanner. Developed Nmap's IPv6 stack fingerprinting engine. Developed Nping, a multi-protocol and multi-target packet
generator distributed with Nmap. Developed the Nping Echo Protocol, a system to detect
modifications to a packet as it traverses the network.
Apart from the things that pay the bills, I have a few personal projects. Here are the ones that I believe could be of interest.
I am the creator and mantainer of Nping, one of the tools of the Nmap family.
Nping is a network packet generator that offers quite a lot of flexibility. It also has
an interesting "echo mode" that lets you see how a packet gets modified by middleboxes as
it traverses the network from source to destination. It is distributed as part of Nmap,
so you may even have it installed already ;-)
[More].
I am also the creator and maintainer of Aldaba, an open-source security tool
to protect network services against 0-day exploits. Aldaba is a
Single Packet Authorization daemon that controls access to a
system or a network by instructing the local firewall to keep
all ports in a closed state but open them dynamically upon
request, for clients in possession of valid access credentials
[More].
I wrote a command-line tool called "protocol". It is meant to provide quick access to an RFC-like
ASCII representation of network protocol headers (e.g: IPv4, IPv6, TCP, ICMPv4, ICMPv6, Ethernet...), so you
don't have to google them all the time. It is also and ASCII header generator for user-defined
protocol headers. Using a simple syntax (e.g "TTL:16,Checksum:16,..."), one can generate
any kind of nice and beautiful ASCII protocol headers.
[More].
I keep a bunch of miscellaneous applications and code on my Github repository.
I won't claim they are the most useful tools ever but there
I have some interesting Cisco ACI-related tools, other random
scripts and also contributions I've made to
other open-source projects.
[More].
I've written a few articles and essays. Some of them were published, some others were collecting dust in a drawer until I placed them here.
This is a paper that I wrote together with some other Nmap developers. It is
about the research David and I did on IPv6 OS fingerpriting originally, and
a number of cool features Mathias and Alexandru worked on, some time after that. It got
accepted in the ACM Workshop on Artificial Intelligence and Security, in
October 2015.
[PDF].
[ACM Portal].
This was my first article ever. It's about my favourite library, libpcap. It
provides a general introduction to packet capture systems and it shows how to use
the libpcap library to build a network sniffer. It was published
in Hakin9 Magazine (admitedly not the most
rigorous publication out there) in 2008, and it's now freely
accesible here:
[PDF].
[More Stuff].
I wrote this paper during my masters in Network Engineering. I never
tried to publish it. It's about figuring out what network devices
exist between a sender and a receiver by analyzing changes to
network packets made in transit. Let me know what you think.
[PDF]
[Slides].
This one was also written during my masters in Network Engineering. I never
tried to publish it either. It's about how difficult it is for
tools like Nmap to bruteforce IPv6 address spaces, and what techniques
can be used to make host discovery in IPV6 feasible. Drop me
a line and let me know what you think.
[PDF].
[TXT].
This was the final project of my MSc in Computer Engineering at the UC3M.
It provides a theoretical background for non-conventional dynamic filtering techniques
in network firewalls. Goal is to solve the 0-day exploit problem by having
systems with all ports closed by default, opening them on demand to
authorized endpoints. Unfortunately, I wrote it in Spanish (what the hell was I thinking,
right?). If you can read Spanish, you can find it here:
[PDF].
This one is not very good, to be honest. It's about the kind of data
the big Internet players may have access to and how
they could use it for profit. It's more an editorial than a
scientific article and most of the ideas it contains
perhaps were relevant at that time but they now sound too
obvious. I'll leave it here just for the record.
[PDF].
Here are the slides for some of the presentations I've given outside work.
Since their conception, network devices have experienced an
enormous evolution, acquiring new capabilities and making
it possible to build networks at a planetary scale. However,
the demand for products and services that are built on top
of the network is growing at a pace never seen before.
The traditional paradigm of hosting the control and
forwarding planes in the same device along with the way
networks have been deployed and operated in the past,
has made the network a bottleneck in the IT stack.
Software-defined Networking (SDN), Network Function
Virtualisation (NFV) and Cloud environments are recent
proposals from the industry to make networks cope with the
speed and level of sophistication that is required in
today’s enterprises and service providers. This presentation
will provide an overview of these concepts and discuss how
they relate to the trends and challenges observed in
production networks today.
[PDF].
If this wasn't what you were looking for, drop me a line. I am always up for communication with other human beings, especially if it's about something interesting. Feel free to reach me using the e-mail address below.