Don't worry. The official rules will be coming out soon via the official page @ defcon.org

In regards to GH, and their involvement. They did volunteer at the conclusion of last years con. However I have yet to be contacted by anyone.

If you, or any reader has further information please feel free to email me @ ghent@23.org

As far as a secure location for the server machines goes, we did this back at DC8 to combat the advantage of sysadmins under DC7 rules (people randomly rebooting, actively repelling attacks from console).

This year I'm looking to return to having a cage in the CTF area for the admins to check in boxes on Friday and remove on Sunday. This is mostly due to the fact that running 20 Ethernet runs back to my switching gear in the NOC was a pain in the ass.

-Ghent.

GHI CTF rules

The ghettohackers posted their new CTF rules yesterday:

http://www.ghettohackers.net/ctf/


jsyn

Cage

The cage idea rocks. We need a bigger cage for the center of the hangout room where people can pay to do the whole SUMO thing again this year. hahah DefCon 10 Sumo Ring Match!!!! We could make it a tournament... Ok, I'm calling Jeff. haha

ctf

Is the whole net at AP not on the internet, or just ctf? From GH announcement:
--------------------------------------------------------------------
This is a closed network that is not connected to the Internet, so
bring all your tools. While not required, it might help your team to
-----------------------------------------------------------------------------

Net Access

Zero,

No we do have external connectivity via the Defcon Network of Ethernet Jacks in the walls and the Wireless Access Points.

In the past the CTF network has been connected as well. And I suspect that each CTF team will cross-connect to the Defcon Network in relatively short order. So remember to bring a router!

In the meantime, for those of you that have taken a look a the new rules, please drop some comments here.

wireless huh? hmmmm....

I chewed on the rules for awhile. Hmmmm. They seem a bit cryptic, but that's normal. Let me see if I got this strait...

Someone is writing a clear-text IP-based client/server app (telnet, perhaps?) that runs on an X86 platform. The systems that it runs on or the app itself will have some discernable flaws. The "server" portion will be the game scoring mechanism, maintained by GH.

We are to get the application up and running on our systems, where it will call home and get monitored. Our "app" will have a "flag" (certificate?!), that will identify that that it is under our control.

We'll need to find the vulnerabilitites and patch them on our own systems before someone else does, while at the same time trying to hack others' systems and replace their "flag" with our own before they can patch, so that we can collect their points. We continually collect points as long as servers are up with our flag on them.

Did I get this right?

Original quote:

- If required, the folks running the contest may step in to take the place of the press, judicial system or stock market.

I suppose that they can intervine as a part of the game...
Like a fake judicial system... right???

The defcon->GHI CTF link is up, so apparently these rules have now been officially endorsed.

To make this even more realistic for the sysadmins, we ought to have a few know-it-all developers making unscheduled and un-tested changes to production code that introduce new security holes.

So no 64-bit Machines for CTF

I'm concerned about the X86 and open source limitations imposed by the new rules..

That means no 64-bit Alpha's no VMS or Unix? That means all tools must be Open Source or they can't be used?

This doesn't seem at all like the real world even in microcosm!

Last time I checked there were dozens of different server environments that don't require "Patching" the Kernel in
realtime...

Deconstructing the rules

OK, let's see what we've got here (note: all of this is taken directly from the CTF rules posted at http://www.ghettohackers.org/ctf).

So, yeah, it appears as though CTF is restricted to x86 operating systems this year (note: that's not an official statement, just a declaration of my perception of the rules). Which is a bummer, but just lightened the amount of crap I'll have to load into my car by around 20lbs. I'd planned on bringing a non-Intel machine running a Unix variant specifically to see what people tried against it, but it looks like there's no point now.

I can kind of see why they've chosen the rules they have, but it's really going to cut down on the nicely disparate nature of the network. We'll probably just end up seeing the same tired bunch of x86 exploits being used here as in the field.

Deconstructing rules

Here's my take on "What it says"

You get an OS given to you which you must protect. This OS is X86 based. Basic real world scheme. Keep it running without hacks.

The patches section is iffy - do the patches have to be already open source, or if hand crafted turned into open source? Ghent?

Attacks - use anything you want, but there is no direct connectivity to the 'net. This'll keep slam attacks off of both sides (none going out to annoy the ISP, and none comming in to be a nuisance to the ctf.)

"- If required, the folks running the contest may step in to take the place of the press, judicial system or stock market. " Need any help? More than willing to be an annoyance.

This is pretty straight forward when you break it down. Net admins get what management tells them to use and they have to make it work/safe. The hacker get all the tools and platforms they can lay their hands on. That's about as real world as it gets.

The only question not answered is when do the 48 hours start/stop.

Seriously Ghent, if you need any help, I'm available. I'll be there, and if not in a session I'd be up to anything - it's not like we're hot-siting Networld Interop. See ya Friday.

words

so it says starting with an x.86 system... what if you then MIGRATED the services over to a diff system? Real world stuff here.. migrate this application over to this platform..

just my thoughts..

tw