Re: DefCon CTF

[Doc Brown <drb () nopsr us>]

On Thu, Aug 14, 2008 at 10:19:31AM +0200, Roman Medina-Heigl Hernandez wrote:
> I'm also interested in knowing about some strange "network problems" that 
> prevented some teams from fairly scoring (which yields two questions: is 
> DoS permitted at CTF? If allowed, could it be considered as "ethical"?).

Straight DoS is not allowed.  Doing things to stop other teams from
being able to score is allowed.  Generally, it's best to run things past
Kenshoto if you have any concern that it may be a grey area.

For example, setting up a snort inline box and blocking based on strings
of \x90\x90\x90\x90 is a smart way to keep other teams from dropping
obvious NOP sleds as part of an attack against your team's services.
But rolling under your neighbor team's table and cutting their ethernet
is likely to result in your permanent ejection from DefCon.

See [0] for an overview of the rules, scoring, etc.

As for "network problems", I would suspect some of it was teams' firewalls
blocking detected attacks, some of it was VM load from all the forking
services, some of it was network load.  While key refresh happened every
5-7 minutes, many teams attacked over and over instead of waiting 3
minutes or so between attempts.

-Doc

[0] http://nopsr.us/ctf2008/overview.html

-- 
Doc Brown                                            @nopsr.us
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave