Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

COT,

Excellent! I'll create and play with a test project page so people can see things happening, and encourage all groups and contest organizers to start using the projects.

If you don't run a contest, but still want to start a project for something like, say, a war driving event or some community oriented project, just ask!

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Perhaps it would be helpful if the projects can be broken down by contest, or at least being forced to pick a contest/sub-project when reporting an issue and then having the contest/sub-project name prepended to the issue title in the issue list.

This would become more apparent with volume, but If I am posting or looking up something related to robot contest development, as much as I love other contests, I would at least want to filter out their issues when I am working on robot stuff.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

It looks like we might be able to accomlish something like this by abusing the "version"

It looks like we can create a version group, would would normally map to a specific application, but could instead map to a specific Defcon.
Defcon 16 would be a "version Group" Called "Defcon 16"

Then, there is a version field, which we could use to specify the name of the contest or event. This would allow the drop-down list to include all Defcon-16 contests/events to be grouped together under Defcon 16, and each have their own name.

I also checked, and this allows people to search for tasks specific to the version (full version group + version, or Defcon number and contests/event.) It might even be possible to form this in a "GET" based URL so a link could be manufactured by organizers, which once clicked, only show tasks related to their contest or event.

Comments? Feedback?

I just added the forum usergroup "Contest/Event Leaders/Organizers" to who can be assigned a task.

Also, I just limited the contest/events space to only allow tasks, not bugs, or features, since that made no sense.

Comment and feedback welcome. I can't please everyone -- well, I probably could, but I think my arm would get tired and fall off... Ok. Maybe that is a bad metaphor.

I guess what i mean is, I can't read your minds yet, and I can't act on requests until they are made. Have a suggestion? Suggest it. The forums get better when you all provide feedback on what you want to see happen. :-)

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

I spoke to Tacitus elsewhere, and he said this idea might work.

I will pre-populate the task section with a "Defcon 17" 'version group' and then pre-populate that with a few example contests/events as "versions" so people can specify what the task would be for. Then I will add a requirement for the version to be specified, so people can't assign them to nothing. There will also be a "version" for "Does not match any contest or event listed above" and that will give people a way to effectively request a new "version" for a new or unlisted contest or event.

If there are no other suggestions, I'll try to start this change on Friday night.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

I apologize if I asked this before. That's the problem with old age.

10 10/24/2008 18:27:43.496 Alert Intrusion Prevention Possible port scan detected 216.231.40.182, 443, WAN, forum.defcon.org xorip.xxx.xxx,xxx 62738, WAN TCP scanned port list, 23761, 6028, 56394, 61783, 17916

Are you being spoofed?

xor

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Those are really high ports, but a source port of 443, and use of HTTP/1.0 or a proxy could mean that your web browser is making a separate TCP connect, and HTTP request for every single image and the HTML document itself.
A tool that examines incoming packets and correlates the packet destination port number on your machine might have a race condition between the time it observes traffic, and then tries to check to see if there is a real session associated with it, when a very tiny image is possibly transmitted with only a few packets exchanged. A race may exist between the observed packet, and the valid HTTP session that grabs the image and closes the session before action can be taken because of the observed incoming packet.

Another possible cause? Packets are being dropped or lost, and even though your side feels the session is FIN/closed/done/ended, the forums server does not think so, and continues to try to end the session, until your machine replies with an appropriate ICMP response, or under other circumstances, a re-transmitted tcp packet.

There are many possible causes from false positive to retransmitted packets due to lack of ack which could cause this to appear.

As for spoofing, someone on your collision domain, or on a flooded/monitor port/shared switch which contains your traffic could still be spoofing the forum IP address, and watching responses, but that would not be under our control, so much as it would be under the control of an ISP or person on your network, or the ISP used by the forums.

It is more likely for this to be caused by one of the first two examples, though. DT does like to run with some interesting tools, and I'm sure you might also run with interesting network tools. Anything that might drop, or mangle TCP packets to not be transmitted would be what I would suspect. To further add to this as a likely cause, the ports being scanned are not even very interesting.

Me? The only tools I like to run with are scissors. Next week I get to play "throw" with scissors; Who wants to play "catch"?

HTH (Hope This Helps)

/me runs off with scissors.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

To second with what Cot has mentioned, I see a lot of resets from most web connection. It seems that a lot of home routers, load balancers, firewalls, what have you, don't FIN a connection, but just RST them.

As for the Forums scanning anything it would be difficult because no outbound setup connections are allowed by both the forums machine and the firewall.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

I've created 3 sample contests/events (Toxic BBQ, Forum Meet, and Other) under 3 different defcon (16,17, and 18)

When constructing a custom URL that would direct users to just a specific contests/event and a specific defcon, it appears the GET-based varible of consequence are "projectid=3" and "appliesversionid=v6" where the contest/event projectid is 3 for all contest/events, and in this case v9 is "forum meet at Defcon 17" and "v6" is Toxic BBQ at Defcon 17"

Example Full URL which sort based on contest/event:
Toxic BBQ Tasks

Forum Meet Tasks

Feedback is welcome with this demo.

At this point, I think it makes the most sense to NOT prepopulate the list of contests/events unless the contest/event leader/organizer plans to use the project system, because adding it would create a *strong* suggestion that the leader(s)/organizer(s) for a contest/event is actively using the forums as a center for planning and organizing their contest/event.

With the forums, I see that they can exist without leaders/organizers required, because people interested in the contest / event can still discuss the contest/event with each other, but *project* is very specific to planning and organizing.

If you want a project section for you your contest/event included in the list, it will need to be requested in some way.

Leave a public message here or somewhere else making the request to have the section added so the first available Admin can take action and answer without multiple admins working on the same thing in parallel.

Toxic BBQ and Forum meet are only included as a demo, because I know some of these organizers well enough to hope they would take pity on me,and not beat me up before telling me how abusive I am being with my dictatorial power. :-)

Thanks!
-Cot

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Web server config test. Forums may be down for a few minutes, but will be back quickly.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Friday Maintenance. Forum may be down for an hour or two starting around 9:00pm, pacific time this Friday, November 14, 2008.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

I just updated the firewall software, went smoothly.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Sorry about the 4am down-time, looks like a power surge fried the power strip protecting the ups that is protecting our systems. Lucky I only buy Tripp Lite Isobar Ultra surge supressors (2350 joules of protection love) and it ate itself, but no damage to the UPS. Looks like everything started up fine. Now back to bed.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

So basically it did what it was supposed to do! :D

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Not happening tonight. Not all of the items required for this scheduled maintenance are available. This may happen next week on Friday.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Forums, pics, and main site were unavailable today for a brief window because network equipment maintenance.
Forums and pics remained up and running but were not available.
I didn't know about it until it happened.
Sorry it wasn't announced.