Re: OTB @ DC16: Pwning for Dollars
Granted that there are games that focus on wifi (I will be entering a few); however there are also other games that focus on compromising services (CTF, etc). The fact remains that there will always be some things that wireless allows you to do that you can't do on the wire and frankly I didn't want to have to put a wired interface in as well considering I am VERY VERY limited in space and cooling capacity.
I will certainly defer to your obvious experience at previous cons, but accessing the connection IMO is never a given. Are you saying that there should be no firewalling, IPS or other functionality that actively denies suspect traffic or returns fire? Isn’t that kind of like assuming that Joel Osteen's server is an unpatched windows box that sits alone on the edge and will let you pound away on it all day like a bull in a china shop? That doesn't reflect the real world, invites disaster and sets up the defenders to fail.
In my mind, this event seemed more about minimizing regulatory overhead in order to stimulate defensive creativity. In essence the counterpoint to the CTF, where it’s all about the offense. Of course there need to be rules, but lets keep the sweeping rules that effect things like transport or hardware to a minimum. I think most of us are smart enough to understand that stomping on the hotel wifi or DoS'ing the network is a stupid thing to do.
The problem with contests like this is that they easily become a bit like NASCAR... so limited by the rules that everybody shows up with the same vanilla boxes because they have no leeway to get creative. Let’s make sure we don't kill the spirit of the contest in the name of easiness.
-H
Originally posted by Deviant Ollam
View Post
I will certainly defer to your obvious experience at previous cons, but accessing the connection IMO is never a given. Are you saying that there should be no firewalling, IPS or other functionality that actively denies suspect traffic or returns fire? Isn’t that kind of like assuming that Joel Osteen's server is an unpatched windows box that sits alone on the edge and will let you pound away on it all day like a bull in a china shop? That doesn't reflect the real world, invites disaster and sets up the defenders to fail.
In my mind, this event seemed more about minimizing regulatory overhead in order to stimulate defensive creativity. In essence the counterpoint to the CTF, where it’s all about the offense. Of course there need to be rules, but lets keep the sweeping rules that effect things like transport or hardware to a minimum. I think most of us are smart enough to understand that stomping on the hotel wifi or DoS'ing the network is a stupid thing to do.
The problem with contests like this is that they easily become a bit like NASCAR... so limited by the rules that everybody shows up with the same vanilla boxes because they have no leeway to get creative. Let’s make sure we don't kill the spirit of the contest in the name of easiness.
-H
Comment