OTB @ DC16: Pwning for Dollars

Re: OTB @ DC16: Pwning for Dollars

Granted that there are games that focus on wifi (I will be entering a few); however there are also other games that focus on compromising services (CTF, etc). The fact remains that there will always be some things that wireless allows you to do that you can't do on the wire and frankly I didn't want to have to put a wired interface in as well considering I am VERY VERY limited in space and cooling capacity.

I will certainly defer to your obvious experience at previous cons, but accessing the connection IMO is never a given. Are you saying that there should be no firewalling, IPS or other functionality that actively denies suspect traffic or returns fire? Isn’t that kind of like assuming that Joel Osteen's server is an unpatched windows box that sits alone on the edge and will let you pound away on it all day like a bull in a china shop? That doesn't reflect the real world, invites disaster and sets up the defenders to fail.

In my mind, this event seemed more about minimizing regulatory overhead in order to stimulate defensive creativity. In essence the counterpoint to the CTF, where it’s all about the offense. Of course there need to be rules, but lets keep the sweeping rules that effect things like transport or hardware to a minimum. I think most of us are smart enough to understand that stomping on the hotel wifi or DoS'ing the network is a stupid thing to do.

The problem with contests like this is that they easily become a bit like NASCAR... so limited by the rules that everybody shows up with the same vanilla boxes because they have no leeway to get creative. Let’s make sure we don't kill the spirit of the contest in the name of easiness.

-H

Re: OTB @ DC16: Pwning for Dollars

please believe me when i say that i'm not trying to be contrarian and get into an argument or anything, i really do believe that you just want to see the contest be the best that it can be. i simply disagree with you on a number of key points. (and i should clarify that i do not run this contest in anyway. i'm just speaking up because skoot doesn't seem to be around right now)
i'll let renderman or Thorn or Roamer or prez or any of the other dozens of folks who know loads more about Wireless than i do correct me if i'm wrong (and you should please feel free to correct me, too) but I have always been under the impression that TCP/IP data doesn't give a rat's ass about the medium over which it is traveling. whether over copper wire or radio, packets arrive at their destination and do their thing.

aren't all the distinctions between WiFi and Ethernet below Layer 3? i'm positive that anything at Layer 4 and above would never notice the difference. (unless you're starting to get into delaying of specific packets, replay attacks, timing attacks, etc. but almost ALL of that sort of stuff pertains to compromising the WiFi link and not the data it's carrying.)

as i say, i could be way off and i'll take my lashing with a ruler from the nuns if i am... but i simply can't see how Layers 3, 4, 5, etc are impacted by telling people to plug in.

hehe... just what kind of device are you bringing? almost sounds like you want to run services etc. on an ultraportable notebook. porting apache to a macbook air, perhaps?

we fundamentally disagree here. this is a contest that is focused on hardening and defending a machine that is connected to a network for the purpose of running specific services. it concerns attackers (either public folk out there on the tubes or rouge employees on the inside) trying to take over the box by messing with those services that it's running.

it's quite a leap to go from "this contest should represent servers in the real world" to "nobody should have security on their machines". of /course/ there should be such products... however, you're more bad-ass if you don't use them. where's the "risk" in putting up a box that is 100% firewalled, fully patched, and running the latest version of well-respected, open-source daemons? last year one of my machines was a Win2K box running some outdated FTP server and like apache 1.3 or something, hah!

see above concerning what i think reflects the real world.

yes, most of the regulars who read these forums and are planning ahead of time to compete are likely smart enough (but i wouldn't put it past all of them to not be boneheads)

i think the bigger concern is the pack of a half-dozen 19 year olds who drove all night from the middle of nowhere just to get to DefCon and then realize that this contest is happening. Then you get a crowd of script kiddies tweaked on llello sitting outiside the contest room for 36 straight hours, just pounding the network in the asshole with a 3" oak dowel.

plenty of folk here could disagree with me... i just think that segregating a contest network from the public masses at DefCon is a Good Thing™

that, amigo, is a sentiment which we can all support... and one that I appreciate seeing you speak up for.

Re: OTB @ DC16: Pwning for Dollars

Yeah, that pretty much the case. While 802.11 massages the data into it's own frames for transmission over the air, it's just vanilla Ethernet once it hits the wire.

To address that initial question from HAL999, jamming isn't cool. There will be enough unintentional RFI at DC, just because of all the various WiFi and other RF gear there. I strongly suspect that anyone found intentionally jamming all the WiFi in a given area just to best a contest would be bounced long and hard by a gang'o'Goons.

Re: OTB @ DC16: Pwning for Dollars

Another things to consider... previous years included a Defcon wireless network that actively disrupted "rogue" access points. Talk to the people that ran the very first aCTF (now oCTF.) They tried to use wireless for people to play, but service was unreliable. After the con was over, they complained about this problem, and were told that an exception could be made for their access point if it was known ahead of time. However, they moved to wired connections the following year, and many, many more people were able to reliably play without so many interruptions. Now their contest is quite large.

Who's to say what an unknown WiFi system with capabilities to counter-attack might do when there is an existing larger network of wireless access points that support counter attacks. Who would win? Well, if you read what Thorn typed above, you have a pretty good idea. (Layer 1 methods can be more convincing than layer 2 if you know what I mean. ;-)

Heck, they could even make sport of it, by offering the people in the Wireless Contest an opportunity at some extra prize to play an extra round of, "fox and hound," where the fox doesn't move.

Re: OTB @ DC16: Pwning for Dollars

Well yes and no. Some of my box's "goodies" live on the lower levels. Now however I am wondering if I should bother, since some of the manipulation occuring if my box panics will border on "jamming".

Let's just say that I have very little space to work with, and a bunch to cram into it. You won't be able to miss it, so holler at me there and I'll show you the guts. In many ways I will be at a disadvantage because the limited space means limited hardware performance, memory, available platforms, etc.

we don't disagree at all my friend :) It's just that my system relies on a synergy of hardware and software response for self protection. I just view physical controls as part of the hardening process. We both agree that it is about defending against attackers, we just diverge on the scope of where services end.

My point was that if the concept of the contest is to test one's abilities to install a strong deamon and obfuscate it then the rest of the box should be off limits because we are simply talking about attacking the exposed service only. There would be no need for a firewall or any other self protection mechanism because those are not directly associated with the operation of the services we are required to expose. I admit it was a bit of a douchbag response and I apologize.

How badass is building a box to automatically analyze and dynamically self-protect, in addition to obfuscating versions, patch levels and OSes. I guess I look at it as more of a test of my abilities to build a whole system rather than just my abilities to be real creative at installing apache.

Again, half of what will be happening in any of the wireless contests I'm sure will technically fall under the auspices of "jamming". Hell, forcing disassociation is the same results as "jamming" but is also the cornerstone of many wifi attacks. Now of course I haven't been to a con, so I can only defer to the elders here when it comes to the prevalence of this type of crap at the con.

I'll be the first to say that using any type of denial of service is an admittance of defeat either on the attack or defense side.

Probably for the defenders it would be better in terms of machine longevity, but there are also good things that may come from opening the contest to the masses. For instance, you are much more likely to build a strong box as well as attract more participation (both sanctioned and unsanctioned lol). I for one don't fear the masses, and don't care if they are successful and hope they try real hard. My goals are to test the machine and you don't learn through success!

Man, I am here to make friends, drink beer, learn a bunch and have a great time. If I can leave my box on the table and walk away to talk and mingle then I am all the more happy.

I look forward to buying you a beer (or two, or three lol)

Re: OTB @ DC16: Pwning for Dollars

That actually sounds very fun :) I'd love to do it.

Re: OTB @ DC16: Pwning for Dollars

And there are some of us to love nothing more than to find some asstard doing wireless jamming with our commerical tools and turn them over to the goons.

Re: OTB @ DC16: Pwning for Dollars

We are getting close and still no details :) Cummon guys, somebody who knows Skoot get a hold of him so we can get a final list of rules and objectives.

I hate to be impatient but I'm a lazy bastard and I need to give myself plenty of time to get my stuff together.

-H

Re: OTB @ DC16: Pwning for Dollars

Homeslice: No one knows me. I'm just that stealth. It's a gift.

Thanks much to Deviant, Prez98, Cot and other forum regulars for keeping this thread alive.

The reality is that I'm getting my ass kicked on a research project in IRL / non-handle land and I've had to focus on that.

BUT!!!!!! OTB lives, there is a plan, and I've been working behind the scenes to make sure it can fly.

Hal999 and Homeslice, DO NOT GIVE UP, you will get your chance to get assaulted by the best attackers in the world, I promise.

OTB specs and details. Will drop. This weekend.

More in just a bit. Please stand by.

Re: OTB @ DC16: Pwning for Dollars

You are teh man. Thanks for the update

Re: OTB @ DC16: Pwning for Dollars

Well,

Today would be the day, then....

-IP assignments / routing/support infrastructure (DNS/NTP/PKI)
-Desired services and required performance metrics (if any)
-Any limitations or restrictions on contest.


Thanks.

HAL

Re: OTB @ DC16: Pwning for Dollars

Yes, it would. Please keep bugging me, it is not a bad thing, I promise.

Technical wrinkle related to the fact that I am on the other side of the continent at the moment and have to walk wifey through some [redacted] stuff to get connected from here and upload the new site.

Since I can't get the data to the site I will post here in the forums in just a bit with some info.