Dailydave mailing list archives

Re: DefCon CTF


From: Holt Sorenson <hso () nosneros net>
Date: Sat, 16 Aug 2008 04:13:12 +0000

On Fri, Aug 15, 2008 at 01:48:16PM -0700, Doc Brown wrote:
> As for "network problems", I would suspect some of it was teams' firewalls
> blocking detected attacks, some of it was VM load from all the forking
> services, some of it was network load.  While key refresh happened every
> 5-7 minutes, many teams attacked over and over instead of waiting 3
> minutes or so between attempts.

There was seemingly constant spew to ports 22 and 25 throughout much of
the game that looked like someone was dumping binary detritus
intermixed with shell code (somebody playing with fuzzers?) that I
talked to Ken Shoto about several times.

Stuff like that doesn't do anything for the game (since all the
interesting services run on other ports anyway) and seemed to be
contributing to the state table overflowing in the game firewall.

This was why during the post game debrief meeting that I made the
point that activity like this is counterproductive and isn't
going to move your team forward during the game.

Couple this with the factors you cite above and it made for a pretty
shitty network experience during the game at times.

Hopefully teams in the future are more surgical.

DefCon CTF isn't about carpet bombing, it's about laser guided
munitions.

(and Doc, I know you're part of the choir on this too, but I
needed to rant a bit).

-- 
Holt Sorenson
hso () nosneros net
www.nosneros.net/hso
