You’ve got to take care to shut down or firewall all unnecessary ports used by these services. Unsecure, unnecessary services – such as terminal services and SNMP – are running on most Windows machines. If I were to apply my experiences to a more everyday situation than what was taking place at the off-the-strip Alexis Park hotel, five points would bubble to the top of the security cauldron: Teams even attempted to capture their incoming Scorebot traffic and replay that same traffic in the direction of our machines in the hopes that our services would mistake them for the actual Scorebot and give up flags to them. Someone else tried to go after SNMP services to gain entry. Someone tried to buffer overflow the Web server with 800,000-byte null packets. Or someone would go into the Multi-User Dungeon, online game environments that use a great deal of bandwidth, and figure out if you walked north through the forest just the right way you’d be able to pick up a flag. Someone would figure out how to run the Wiki (a piece of server software that lets users freely create and edit Web page content using any Web browser) and do some obscure set of queries that would reveal flag data. Most attacks we saw were levied against information in the database. Our Japanese language expert slunk over for a closer look and determined the writing on the wall to be complete gibberish, with no hidden message to help us crack the code. The Ghetto Hackers’ full-length equipment rack was ornamented by a large, red, wooden arch in the style of a Japanese archway complete with Asian script. One team had a steadily draining bottle of Southern Comfort on top of its server. As we scanned the room (discreetly, of course) we saw the other teams behaving the same way if not more so. We stuck with soda for the most part, but as the contest wore on, a beer or two appeared. But by the middle of Day Two we gave up and started ordering pizza. At first we were organized and sent out someone for bread and cold cuts. As time dragged on, people started bringing in food and drinks. Our cooler was stocked with ice and Coke. At that point, it was time to take a walk.Īt the beginning everyone was organized with their supplies. But by the time it was 2 a.m., and you were staring at a network trace flying by on a screen, you noticed that your heartbeat and your breathing synchronized with the music and the packet traffic. We’d trained for the competition in small conference rooms with similar tunes blaring as white noise to desensitize. In the middle of the room sat the Ghetto Hackers’ gear, necessary for keeping the game within bounds and blasting loud techno music for the entire 36-hour ride.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |