OTB @ DC16: Pwning for Dollars


sk00t
04-24-2008, 11:11 PM
So what was fun last year with OTB?

To me, it was a ton of people showing up and banging on stuff, a ton of people bringing boxes, and the instant community that cropped up around the event.

What didn't work?

Um, well, boxes. Even for stuff that was pretty likely (and in one case obviously) owned, nobody claimed any hardware.

On paper, it made sense, but the truth is all of us have a ton of gear and no one really wanted to lug crap home on the plane. Hell, some of us were giving stuff away, and I know at least one machine was still sitting on the table when the con closed.

So, here's what I'm chewing on, in the interest of still keeping the point of defenders and attackers having something at stake, but making things a bit more portable.

Cash money. Dinero. Scratch. Greenbacks.

I talked this over with The Powers That Be, and even though Vegas is Vegas, we can't actually do something that looks like wagering without hotel sanction. But what we can do is spend money at the hotel.

So, now what?

Here's what I'm proposing for this year: "Pwning for Dollars". You keep your hardware, but defenders (and possibly attackers) pay a nominal entry fee. The winner, attacker or defender (and to do this right we have to have one, and only one) takes the pot, as a tab at the Splash bar Saturday night.

So, what do you think?

sk00t
04-24-2008, 11:17 PM
Oh, yeah, since it's pledge week on my local NPR station, I'll shamelessly steal from that one guy on the morning show and sweeten the pot, though I may regret it... I'll match dollar-for-dollar whatever comes in. Sound fair?

Homeslice (tm)
05-02-2008, 12:36 PM
I'm down as a defender, but I need the parameters of the contest / service list so's I can get creative and I also need to know what I have to do to officially register?

Has any of this been determined yet?

-H0m3sl1ce

konstantinkoll
05-09-2008, 12:12 PM
Hm, this might be a bit out of scope, but here it goes...

DefCon 16 will be my first DefCon. I'm a guy from Germany working on his own operating system, which just got TCP/IP and a HTTP/ICMP/DNS/mDNS server recently. I would like to bring my laptop to DefCon and let people try to hack into it.

However, since I'll bring my actual laptop and not some old hardware (baggage allowance on planes and things), there is ABSOLUTELY NO WAY I will give my laptop to anyone who breaks it. I've planned to bring some prize money (like $100 for 1st place, $50 for 2nd, $25 for 3rd), in terms of who makes it how far on my machine.

So, in short, YES, I'm all for an entry fee.

mage2
05-09-2008, 12:56 PM
I really liked the first idea, you win you get the box. If there were a problem with unclaimed prizes well first off i didn't know it, as I would have helped with that situation. And I'm sure that someone that is local to vegas could take the unwanted/unclaimed hardware and donate it to a school in the area or something.

Homeslice (tm)
05-09-2008, 01:48 PM
I really liked the first idea, you win you get the box. If there were a problem with unclaimed prizes well first off i didn't know it, as I would have helped with that situation. And I'm sure that someone that is local to vegas could take the unwanted/unclaimed hardware and donate it to a school in the area or something.

The own the box idea is great for those who are using old platforms and creative tweaking, but in my case there is a huge investment in parts and R&D, the machine is unique in the world and frankly dangerous. I'll be more than happy to throw in funds for prizes, but can't release the tech in the box to the public.

My take on it is that if you want to attract new and unique / creative defenses, the cost involved is far too great for the defender if all his work walks out the door. I mean, really what is the loss to a guy who shows up with an Amiga and gets pwned vs. the guy who designs a completely new system? Honestly, my goal is to test my design against the best in the world, not come home with a 20 year old piece of computing history.

-H

HAL999
05-09-2008, 05:01 PM
Skoot, I agree with Homeslice. It's more fun to deploy a little advanced tech and give the masses a challenge, but that takes a few bucks ('14 quattloos for the newcomer!!') ....

So count our team in, Racer-X says the 5 Benjamin challenge to the roc-heads still stands, and can be upped if folks are really up for it.

We do need the rules / regs / outline in order to get ready.

Best, HAL

Homeslice (tm)
05-09-2008, 10:07 PM
Skoot, I agree with Homeslice. It's more fun to deploy a little advanced tech and give the masses a challenge, but that takes a few bucks ('14 quattloos for the newcomer!!') ....

So count our team in, Racer-X says the 5 Benjamin challenge to the roc-heads still stands, and can be upped if folks are really up for it.

We do need the rules / regs / outline in order to get ready.

Best, HAL

:biggrin:

Sounds like it'll be hella fun, lookin forward to it.

-H

HAL999
05-11-2008, 10:09 AM
Yup, looking forward to posting banner pages of 'Bad Kitty, that's my pot pie!' and hoping boxes get treated better than average outing of young Master Kenneth each episode.... actually, the 'denied entry' sign from his heavenly journey might be more appropriate as a response to each 'contestant' .......

So time for each little shinobu to try to get into the jinja... - Best, KS

Homeslice (tm)
05-14-2008, 01:21 PM
Is Skoot coming back or what? I need answers to some issues before I spend any more money.

Can we attach the box via wifi? (I know some of you just started salivating)

Can I get some certainty on the conditions of pwnage... is there a key file that the attacker must get to prove access or what?

Which services must be lit up?

Any other restrictions?

-H

TheCotMan
05-14-2008, 01:55 PM
Is Skoot coming back or what?
Skoot's Last Activity: 04-24-2008 10:53 PM

It is likely that skoot is coming back. If the activity of Skoot's account doesn't show activity 7 days after this post-date/time, send me a PM reminding me about this, and I'll send him an email using the email address he used when he registered with the forums.

Since the forums can't reach the mail server used to pass email to the real world, people's thread-subscriptions no longer let them know when someone replied to a thread they chose to monitor. It is possible that he is expecting an email, to know that someone has a question in a thread he would otherwise be monitoring. DT knows about the mail server problems, and is looking into it, but is very busy with other things right now.

HAL999
05-14-2008, 04:01 PM
All,

Here's a few starter questions that I would like to discuss and get resolution on before implementation. Please add, refine, define, enumerate, elucidate, obfuscate, rotate, gyrate, pirate, and of course, ruminate....

1.) Each participant should get an IP range assigned to them to use as they wish.
2.) IPv4 vs. IPv6 or both?
3.) What 'services' will the infrastructure (DC) have, and what level of service (i.e., ntp, dns, uddi, authorization servers, etc. - and will those be considered 'out of bounds' for active operators?)
4.) WiFi - will jammers or any active denial operations be permitted/out of bounds?
5.) Is there any maximum number of machines allowed?
6.) Any restrictions on virtualized or dynamic hosting or networking
7.) Any restrictions on actively engaging the contestant opponents on the network (i.e. 'hackback' or 'reverse payload injection' techniques, either destructive or non-destructive)?
8.) - - well, how about just getting a sign up sheet of IP ranges for the defenders put out for the moment?

- Not to be a pain, but we really should nail it down by end of month to give defense two solid to prep. Some of us have day jobs and deliverables to other people ; >

Best, HAL

"2501 is not a number, more a *state of mind*...... ":cool:

TheCotMan
05-14-2008, 04:42 PM
Two problems with VM:
1) If a person "hacks" a VM, do they get the hardware that ran the VM? What happens when there are multiple people and multiple VM? Does the hardware go to the person that hacked the most? Do they get the VM licenses too?
2) If the VM is commercial, it should include a legal/valid license and key.
(I think this was an issue at a long past CTF (before KenShoto), when it is possible that someone might have allegedly used what might have possibly been illegal licenses, or licenses illegally.)

These items came up last year with the discussion of machines in OTB DC 15 forum.

theprez98
05-14-2008, 05:16 PM
4.) WiFi - will jammers or any active denial operations be permitted/out of bounds?
I can't speak for everyone, but as there is (possibly) a hotel network, defcon wireless network, and various wireless contests and sessions, I would strongly urge against any jamming of wireless. In addition to those concerns, it is against the law. :wink:

Deviant Ollam
05-14-2008, 05:58 PM
I can't speak for everyone, but as there is (possibly) a hotel network, defcon wireless network, and various wireless contests and sessions, I would strongly urge against any jamming of wireless. In addition to those concerns, it is against the law. :wink:
Not to mention that incorporating wireless into this game would also just be really fucking stupid.

There are already loads of games for you at DefCon if 802.11 radio traffic makes you hot and horny.

This game is (or at least initially was) about compromising services and such running on a remote machine. Accessing the TCP/IP connection to send packets out to the target box was just a given.

If you're a h4x0r named "Xv_Dark_Lord_vX" and you're going to pwnzor a televangelist's web site, it would likely happen across the intertubes... you wouldn't sit in Joel Osteen's parking lot with a cantenna.

Homeslice (tm)
05-15-2008, 07:28 AM
Not to mention that incorporating wireless into this game would also just be really fucking stupid.

There are already loads of games for you at DefCon if 802.11 radio traffic makes you hot and horny.

This game is (or at least initially was) about compromising services and such running on a remote machine. Accessing the TCP/IP connection to send packets out to the target box was just a given.

If you're a h4x0r named "Xv_Dark_Lord_vX" and you're going to pwnzor a televangelist's web site, it would likely happen across the intertubes... you wouldn't sit in Joel Osteen's parking lot with a cantenna.

Granted that there are games that focus on wifi (I will be entering a few); however there are also other games that focus on compromising services (CTF, etc). The fact remains that there will always be some things that wireless allows you to do that you can't do on the wire and frankly I didn't want to have to put a wired interface in as well considering I am VERY VERY limited in space and cooling capacity.

I will certainly defer to your obvious experience at previous cons, but accessing the connection IMO is never a given. Are you saying that there should be no firewalling, IPS or other functionality that actively denies suspect traffic or returns fire? Isn’t that kind of like assuming that Joel Osteen's server is an unpatched windows box that sits alone on the edge and will let you pound away on it all day like a bull in a china shop? That doesn't reflect the real world, invites disaster and sets up the defenders to fail.

In my mind, this event seemed more about minimizing regulatory overhead in order to stimulate defensive creativity. In essence the counterpoint to the CTF, where it’s all about the offense. Of course there need to be rules, but let's keep the sweeping rules that affect things like transport or hardware to a minimum. I think most of us are smart enough to understand that stomping on the hotel wifi or DoS'ing the network is a stupid thing to do.

The problem with contests like this is that they easily become a bit like NASCAR... so limited by the rules that everybody shows up with the same vanilla boxes because they have no leeway to get creative. Let’s make sure we don't kill the spirit of the contest in the name of easiness.

-H

Deviant Ollam
05-15-2008, 10:59 AM
please believe me when i say that i'm not trying to be contrarian and get into an argument or anything, i really do believe that you just want to see the contest be the best that it can be. i simply disagree with you on a number of key points. (and i should clarify that i do not run this contest in any way. i'm just speaking up because skoot doesn't seem to be around right now)
The fact remains that there will always be some things that wireless allows you to do that you can't do on the wire
i'll let renderman or Thorn or Roamer or prez or any of the other dozens of folks who know loads more about Wireless than i do correct me if i'm wrong (and you should please feel free to correct me, too) but I have always been under the impression that TCP/IP data doesn't give a rat's ass about the medium over which it is traveling. whether over copper wire or radio, packets arrive at their destination and do their thing.

aren't all the distinctions between WiFi and Ethernet below Layer 3? i'm positive that anything at Layer 4 and above would never notice the difference. (unless you're starting to get into delaying of specific packets, replay attacks, timing attacks, etc. but almost ALL of that sort of stuff pertains to compromising the WiFi link and not the data it's carrying.)

as i say, i could be way off and i'll take my lashing with a ruler from the nuns if i am... but i simply can't see how Layers 3, 4, 5, etc are impacted by telling people to plug in.

I didn't want to have to put a wired interface in as well considering I am VERY VERY limited in space and cooling capacity.
hehe... just what kind of device are you bringing? almost sounds like you want to run services etc. on an ultraportable notebook. porting apache to a macbook air, perhaps?

but accessing the connection IMO is never a given.
we fundamentally disagree here. this is a contest that is focused on hardening and defending a machine that is connected to a network for the purpose of running specific services. it concerns attackers (either public folk out there on the tubes or rogue employees on the inside) trying to take over the box by messing with those services that it's running.

Are you saying that there should be no firewalling, IPS or other functionality
it's quite a leap to go from "this contest should represent servers in the real world" to "nobody should have security on their machines". of /course/ there should be such products... however, you're more bad-ass if you don't use them. :wink: where's the "risk" in putting up a box that is 100% firewalled, fully patched, and running the latest version of well-respected, open-source daemons? last year one of my machines was a Win2K box running some outdated FTP server and like apache 1.3 or something, hah!

That doesn't reflect the real world
see above concerning what i think reflects the real world.

I think most of us are smart enough to understand that stomping on the hotel wifi or DoS'ing the network is a stupid thing to do.
yes, most of the regulars who read these forums and are planning ahead of time to compete are likely smart enough (but i wouldn't put it past all of them to not be boneheads)

i think the bigger concern is the pack of a half-dozen 19 year olds who drove all night from the middle of nowhere just to get to DefCon and then realize that this contest is happening. Then you get a crowd of script kiddies tweaked on llello sitting outside the contest room for 36 straight hours, just pounding the network in the asshole with a 3" oak dowel.

plenty of folk here could disagree with me... i just think that segregating a contest network from the public masses at DefCon is a Good Thing™

Let’s make sure we don't kill the spirit of the contest in the name of easiness.
that, amigo, is a sentiment which we can all support... and one that I appreciate seeing you speak up for.

Thorn
05-15-2008, 11:11 AM
i'll let renderman or Thorn or Roamer or prez or any of the other dozens of folks who know loads more about Wireless than i do correct me if i'm wrong (and you should please feel free to correct me, too) but I have always been under the impression that TCP/IP data doesn't give a rat's ass about the medium over which it is traveling. whether over copper wire or radio, packets arrive at their destination and do their thing.
Yeah, that's pretty much the case. While 802.11 massages the data into its own frames for transmission over the air, it's just vanilla Ethernet once it hits the wire.

To address that initial question from HAL999, jamming isn't cool. There will be enough unintentional RFI at DC, just because of all the various WiFi and other RF gear there. I strongly suspect that anyone found intentionally jamming all the WiFi in a given area just to best a contest would be bounced long and hard by a gang'o'Goons.

TheCotMan
05-15-2008, 11:32 AM
Another thing to consider... previous years included a Defcon wireless network that actively disrupted "rogue" access points. Talk to the people that ran the very first aCTF (now oCTF.) They tried to use wireless for people to play, but service was unreliable. After the con was over, they complained about this problem, and were told that an exception could be made for their access point if it was known ahead of time. However, they moved to wired connections the following year, and many, many more people were able to reliably play without so many interruptions. Now their contest is quite large.

Who's to say what an unknown WiFi system with capabilities to counter-attack might do when there is an existing larger network of wireless access points that support counter attacks. Who would win? Well, if you read what Thorn typed above, you have a pretty good idea. (Layer 1 methods can be more convincing than layer 2 if you know what I mean. ;-)

Heck, they could even make sport of it, by offering the people in the Wireless Contest an opportunity at some extra prize to play an extra round of, "fox and hound," where the fox doesn't move.

Homeslice (tm)
05-15-2008, 01:15 PM
please believe me when i say that i'm not trying to be contrarian and get into an argument or anything, i really do believe that you just want to see the contest be the best that it can be. i simply disagree with you on a number of key points. (and i should clarify that i do not run this contest in any way. i'm just speaking up because skoot doesn't seem to be around right now)
i'll let renderman or Thorn or Roamer or prez or any of the other dozens of folks who know loads more about Wireless than i do correct me if i'm wrong (and you should please feel free to correct me, too) but I have always been under the impression that TCP/IP data doesn't give a rat's ass about the medium over which it is traveling. whether over copper wire or radio, packets arrive at their destination and do their thing.

aren't all the distinctions between WiFi and Ethernet below Layer 3? i'm positive that anything at Layer 4 and above would never notice the difference. (unless you're starting to get into delaying of specific packets, replay attacks, timing attacks, etc. but almost ALL of that sort of stuff pertains to compromising the WiFi link and not the data it's carrying.)

as i say, i could be way off and i'll take my lashing with a ruler from the nuns if i am... but i simply can't see how Layers 3, 4, 5, etc are impacted by telling people to plug in.

Well yes and no. Some of my box's "goodies" live on the lower levels. Now however I am wondering if I should bother, since some of the manipulation occurring if my box panics will border on "jamming".

hehe... just what kind of device are you bringing? almost sounds like you want to run services etc. on an ultraportable notebook. porting apache to a macbook air, perhaps?


Let's just say that I have very little space to work with, and a bunch to cram into it. You won't be able to miss it, so holler at me there and I'll show you the guts. In many ways I will be at a disadvantage because the limited space means limited hardware performance, memory, available platforms, etc.

we fundamentally disagree here. this is a contest that is focused on hardening and defending a machine that is connected to a network for the purpose of running specific services. it concerns attackers (either public folk out there on the tubes or rogue employees on the inside) trying to take over the box by messing with those services that it's running.

we don't disagree at all my friend :) It's just that my system relies on a synergy of hardware and software response for self protection. I just view physical controls as part of the hardening process. We both agree that it is about defending against attackers, we just diverge on the scope of where services end.

it's quite a leap to go from "this contest should represent servers in the real world" to "nobody should have security on their machines". of /course/ there should be such products... however, you're more bad-ass if you don't use them. :wink: where's the "risk" in putting up a box that is 100% firewalled, fully patched, and running the latest version of well-respected, open-source daemons? last year one of my machines was a Win2K box running some outdated FTP server and like apache 1.3 or something, hah!

see above concerning what i think reflects the real world.

My point was that if the concept of the contest is to test one's abilities to install a strong daemon and obfuscate it then the rest of the box should be off limits because we are simply talking about attacking the exposed service only. There would be no need for a firewall or any other self protection mechanism because those are not directly associated with the operation of the services we are required to expose. I admit it was a bit of a douchebag response and I apologize.

How badass is building a box to automatically analyze and dynamically self-protect, in addition to obfuscating versions, patch levels and OSes. I guess I look at it as more of a test of my abilities to build a whole system rather than just my abilities to be real creative at installing apache.

yes, most of the regulars who read these forums and are planning ahead of time to compete are likely smart enough (but i wouldn't put it past all of them to not be boneheads)

i think the bigger concern is the pack of a half-dozen 19 year olds who drove all night from the middle of nowhere just to get to DefCon and then realize that this contest is happening. Then you get a crowd of script kiddies tweaked on llello sitting outside the contest room for 36 straight hours, just pounding the network in the asshole with a 3" oak dowel.

Again, half of what will be happening in any of the wireless contests I'm sure will technically fall under the auspices of "jamming". Hell, forcing disassociation is the same results as "jamming" but is also the cornerstone of many wifi attacks. Now of course I haven't been to a con, so I can only defer to the elders here when it comes to the prevalence of this type of crap at the con.

I'll be the first to say that using any type of denial of service is an admittance of defeat either on the attack or defense side.

plenty of folk here could disagree with me... i just think that segregating a contest network from the public masses at DefCon is a Good Thing™

:biggrin: Probably for the defenders it would be better in terms of machine longevity, but there are also good things that may come from opening the contest to the masses. For instance, you are much more likely to build a strong box as well as attract more participation (both sanctioned and unsanctioned lol). I for one don't fear the masses, and don't care if they are successful and hope they try real hard. My goals are to test the machine and you don't learn through success!

that, amigo, is a sentiment which we can all support... and one that I appreciate seeing you speak up for.

Man, I am here to make friends, drink beer, learn a bunch and have a great time. If I can leave my box on the table and walk away to talk and mingle then I am all the more happy.

I look forward to buying you a beer (or two, or three lol) :cool:

Homeslice (tm)
05-15-2008, 01:22 PM
Heck, they could even make sport of it, by offering the people in the Wireless Contest an opportunity at some extra prize to play an extra round of, "fox and hound," where the fox doesn't move.

That actually sounds very fun :) I'd love to do it.

DaKahuna
05-15-2008, 08:16 PM
And there are some of us who love nothing more than to find some asstard doing wireless jamming with our commercial tools and turn them over to the goons.

Homeslice (tm)
05-29-2008, 12:32 PM
We are getting close and still no details :) Cummon guys, somebody who knows Skoot get a hold of him so we can get a final list of rules and objectives.

I hate to be impatient but I'm a lazy bastard and I need to give myself plenty of time to get my stuff together.

-H

sk00t
05-30-2008, 12:10 AM
Homeslice: No one knows me. I'm just that stealth. It's a gift.

Thanks much to Deviant, Prez98, Cot and other forum regulars for keeping this thread alive.

The reality is that I'm getting my ass kicked on a research project in IRL / non-handle land and I've had to focus on that.

BUT!!!!!! OTB lives, there is a plan, and I've been working behind the scenes to make sure it can fly.

Hal999 and Homeslice, DO NOT GIVE UP, you will get your chance to get assaulted by the best attackers in the world, I promise.

OTB specs and details. Will drop. This weekend.

More in just a bit. Please stand by.


We are getting close and still no details :) Cummon guys, somebody who knows Skoot get a hold of him so we can get a final list of rules and objectives.

I hate to be impatient but I'm a lazy bastard and I need to give myself plenty of time to get my stuff together.

-H

Homeslice (tm)
05-30-2008, 08:41 AM
Homeslice: No one knows me. I'm just that stealth. It's a gift.

Thanks much to Deviant, Prez98, Cot and other forum regulars for keeping this thread alive.

The reality is that I'm getting my ass kicked on a research project in IRL / non-handle land and I've had to focus on that.

BUT!!!!!! OTB lives, there is a plan, and I've been working behind the scenes to make sure it can fly.

Hal999 and Homeslice, DO NOT GIVE UP, you will get your chance to get assaulted by the best attackers in the world, I promise.

OTB specs and details. Will drop. This weekend.

More in just a bit. Please stand by.

You are teh man. Thanks for the update :biggrin:

HAL999
06-01-2008, 11:49 AM
Well,

Today would be the day, then....

-IP assignments / routing/support infrastructure (DNS/NTP/PKI)
-Desired services and required performance metrics (if any)
-Any limitations or restrictions on contest.


Thanks.

HAL

sk00t
06-02-2008, 11:17 PM
Yes, it would. Please keep bugging me, it is not a bad thing, I promise.

Technical wrinkle related to the fact that I am on the other side of the continent at the moment and have to walk wifey through some [redacted] stuff to get connected from here and upload the new site.

Since I can't get the data to the site I will post here in the forums in just a bit with some info.


Well,

Today would be the day, then....

-IP assignments / routing/support infrastructure (DNS/NTP/PKI)
-Desired services and required performance metrics (if any)
-Any limitations or restrictions on contest.


Thanks.

HAL