CAP Talk

Cadet Programs => Cadet Programs Management & Activities => Topic started by: coudano on October 05, 2011, 08:53:05 PM

Title: cyber patriot deadline
Post by: coudano on October 05, 2011, 08:53:05 PM
So the cyber patriot deadline to sign up is saturday.
However the practice session ends friday...

I have been asked if it is feasible for a team to sign up and compete reasonably,
having completely missed the practice session.

Anyone who has done cyber patriot before, care to comment on this?



I don't really want people to throw away the entry fee if they are just going to get smoked immediately.
Title: Re: cyber patriot deadline
Post by: jimmydeanno on October 05, 2011, 08:55:44 PM
My previous experiences were that the practice session is to ensure that stuff works on your system, and that the team knows how to use the provided software, etc. In previous years, many teams were eliminated simply because they couldn't connect to the server. 

I'm not sure that a team is going to fare very well having to do their first setup on competition day.
Title: Re: cyber patriot deadline
Post by: Extremepredjudice on October 06, 2011, 01:09:12 AM
Build a test server then... 8)

+1 to all code ninja skills. ;D

Practice makes perfect. That is why I DDoS myself, so I can defend against it.
Title: Re: cyber patriot deadline
Post by: coudano on October 06, 2011, 01:19:48 AM
you ddos yourself?   really?
you're probably breaking several laws... (or at the very least user agreements and terms of service)
not sure i'd admit to that in public
Title: Re: cyber patriot deadline
Post by: Extremepredjudice on October 06, 2011, 02:07:57 AM
Prove I did it.
Prove I am me.
Prove my network wasn't hacked and used as zombies.
Prove it was my ISP that the attack originated from.
Prove my computer wasn't hacked.
>:D :-X :P

You don't think I know the legalities? :angel:
A judge ruled an IP is NOT a person. Therefore, unless you are physically next to me, and witness it, you only have hearsay.

Anyway, it is done on a LAN (mostly, depends on the "severity" of the "strike". I read all of the ToSes before I use something by that company), so there is no BoC.


Oh, and, ISPs don't care about DDoSes.  I know companies that can't get ISPs to drop peeps over DDoS.

Besides, how do you think IT security professionals keep sharp? They "battle" each other.

I did security and TS for a company, for the lolz, for 1 year (volunteer work, they couldn't afford to hire me).
Title: Re: cyber patriot deadline
Post by: coudano on October 06, 2011, 02:19:33 AM
Quote from: Extremepredjudice on October 06, 2011, 02:07:57 AM
Prove I did it.
Prove I am me.
Prove my network wasn't hacked and used as zombies.
Prove it was my ISP that the attack originated from.
Prove my computer wasn't hacked.
>:D :-X :P

Kiddie porn traffickers try that line too,
and fail
regularly

just sayin


Title: Re: cyber patriot deadline
Post by: Extremepredjudice on October 06, 2011, 02:33:44 AM
Quote from: coudano on October 06, 2011, 02:19:33 AM
Quote from: Extremepredjudice on October 06, 2011, 02:07:57 AM
Prove I did it.
Prove I am me.
Prove my network wasn't hacked and used as zombies.
Prove it was my ISP that the attack originated from.
Prove my computer wasn't hacked.
>:D :-X :P

Kiddie porn traffickers try that line too,
and fail
regularly

just sayin
So do hackers, and they DO get away. I studied this for a long time, to make sure I wasn't committing a crime. Plus, I talked to several lawyers about it.

just sayin'

Oh, and I have a lot of security protocols set up. =p
Why do you think I have a SSD?

Anyway, thank you for your consideration.
Title: Re: cyber patriot deadline
Post by: Eclipse on October 06, 2011, 03:12:40 AM
SSD and local purge routines are useless because all the LEA has to do is serve the warrant to the ISP and look at the traffic logs
from your machines' MAC addresses or your router - you can then explain to a judge why none of that traffic was yours, but for some bizarre
reason you purged every system you own.

Having a kill-mode is also not very useful if you are face down with handcuffs on and an agent's knee on your head before you get to push the switch,
and if they are interested enough in you, they can get you when you're not at home, after capturing data from your "secure" network for a while.
They have 12 year-olds working for them, too.

Also, it doesn't have to be an LEA, your ISP can simply decide they've had enough of you and turn off your service or throttle your bandwidth.
That traffic isn't just affecting you, and the bandwidth you're using to generate it isn't free.

The only thing more dangerous than someone who knows nothing is someone who thinks they know "something".
Title: Re: cyber patriot deadline
Post by: Extremepredjudice on October 06, 2011, 03:24:33 AM
I'm not going to explain my security on a public forum... But it isn't a "kill switch."
And it isn't a purge.
It is fully automated.

LAN bandwidth isn't costly to the ISP? At least not that I know of. Only cost (that I know of) is power.

MAC addresses can be forged, FYI. So can traffic logs.

Regardless, none of this stuff applies on LAN.

Title: Re: cyber patriot deadline
Post by: Eclipse on October 06, 2011, 03:31:31 AM
If you're saying you're DDOS'ing yourself on a LAN internally, who cares?  You're not checking anything but your own loop.

If you're doing it from outside, everything I said applies, and bandwidth is most assuredly not free.
Title: Re: cyber patriot deadline
Post by: coudano on October 06, 2011, 03:37:42 AM
if you're doing it on your own internal lan, is it really a ddos?
how big is your internal lan?  lol
Title: Re: cyber patriot deadline
Post by: Eclipse on October 06, 2011, 03:44:44 AM
No kidding - a real DDOS takes hundreds of machines across a bunch of external host addresses.
Title: Re: cyber patriot deadline
Post by: A.Member on October 06, 2011, 04:17:17 AM
Back on topic...

Quote from: coudano on October 05, 2011, 08:53:05 PM
So the cyber patriot deadline to sign up is saturday.
However the practice session ends friday...

I have been asked if it is feasible for a team to sign up and compete reasonably,
having completely missed the practice session.

Anyone who has done cyber patriot before, care to comment on this?



I don't really want people to throw away the entry fee if they are just going to get smoked immediately.
As jimmydeanno mentioned, the practice rounds have proven very valuable in working through connectivity issues and getting a general feel for the overall process of the competition. I won't go so far as to say it's not worth the effort to sign up, but do so knowing you will be starting behind and the learning curve will be steep.
Title: Re: cyber patriot deadline
Post by: Extremepredjudice on October 06, 2011, 04:56:09 AM
Quote from: coudano on October 06, 2011, 03:37:42 AM
if you're doing it on your own internal lan, is it really a ddos?
how big is your internal lan?  lol
Depends, my max is 45, but I can only manage 26. That is if I find all my computers and hook 'em up...

I DDoS a real server, not some computer.
Title: Re: cyber patriot deadline
Post by: N Harmon on October 06, 2011, 02:18:21 PM
Quote from: Extremepredjudice on October 06, 2011, 02:07:57 AM
Besides, how do you think IT security professionals keep sharp? They "battle" each other.

Incorrect, my padawan learner.

IT security professionals maintain technical expertise by examining attack vectors from logs obtained in the course of running a honeypot (http://en.wikipedia.org/wiki/Honeypot_%28computing%29). Nobody with a real reputation to maintain "battles" with other professionals.

There is also a lot more to IT security than protecting against DDoS attacks.

//10+ years as an IT security professional
///For a medium-sized financial institution, not a non-profit who couldn't afford to hire me
Title: Re: cyber patriot deadline
Post by: johnnyb47 on October 06, 2011, 03:39:42 PM
Our team started last year just before the registration deadline and made it through to round 3.
The trick was, as someone else stated earlier in the thread, to build our own target machine with vulnerabilities to sharpen the cadets' skills.
I built a VM with Windows 2003 Server, virus sig files, basic vulnerabilities (rogue users, password policies, patches) and then tailored it the next few weeks, adding the more advanced vulnerabilities as we got closer to round 1.
Making it through to round 3 was great but the real win for me was that one of our cadets had never really used a computer before last year's practices started.
He now owns a PC, has DSL, is assisting with our squadron's web presence (facebook, website, forums, etc) and has taken it upon himself to learn the ins and outs of the linux OS. That's what it was all about for me.
Title: Re: cyber patriot deadline
Post by: jimmydeanno on October 06, 2011, 04:37:17 PM
I used to work for an enterprise-level network equipment manufacturer that did mucho R&D.  We definitely attacked ourselves, and got our ISP to help by allowing us to attack ourselves from their side.  It probably helped that we were paying them millions per year for our connection.

We set up as the network vendor at Interop a few years back, had billions of attempted attacks throughout the week and not a single vulnerability or breach.  However, we never would attack Cisco (even though they make a bunch of junk that barely works together), etc.

EDIT:

PS: We didn't employ a single 12 year old, just sayin'.
Title: Re: cyber patriot deadline
Post by: N Harmon on October 06, 2011, 05:39:25 PM
Quote from: john_Bowers on October 06, 2011, 03:39:42 PM
He now owns a PC, has DSL, is assisting with our squadron's web presence (facebook, website, forums, etc) and has taken it upon himself to learn the ins and outs of the linux OS. That's what it was all about for me.

That is really awesome! Kudos to you.

My unit wants to participate in CyberPatriot, but we would essentially be starting from zero tonight. Which IMO, doesn't give us a lot of time to get up to speed. I am going to lay it out and let the cadets decide whether we go forward. We'll probably need to start with the first module tonight. :P
Title: Re: cyber patriot deadline
Post by: johnnyb47 on October 06, 2011, 06:16:19 PM
Quote from: N Harmon on October 06, 2011, 05:39:25 PM
Quote from: john_Bowers on October 06, 2011, 03:39:42 PM
He now owns a PC, has DSL, is assisting with our squadron's web presence (facebook, website, forums, etc) and has taken it upon himself to learn the ins and outs of the linux OS. That's what it was all about for me.

That is really awesome! Kudos to you.

My unit wants to participate in CyberPatriot, but we would essentially be starting from zero tonight. Which IMO, doesn't give us a lot of time to get up to speed. I am going to lay it out and let the cadets decide whether we go forward. We'll probably need to start with the first module tonight. :P
Thanks, but it was all really the cadet himself. The competition just gave him a place to start. If there's any way I can help you get started in the competition feel free to pm me and I'll do what I can.
Title: Re: cyber patriot deadline
Post by: coudano on October 06, 2011, 08:54:21 PM
Next question, the competition window looks to be open for 24 hours.
How long does it take to actually compete in a single round?

Like 1 hour?
4 hours?
Title: Re: cyber patriot deadline
Post by: johnnyb47 on October 06, 2011, 10:29:47 PM
Based on our experience last year the 24 hour window is as follows:
Target download becomes available Friday evening. Instructions with passwords become available the next morning at 10 am est which is the actual start of the competition. Scoring stops at 6pm est. So it isn't a full 24 hours. Just 6 for the round with the image becoming available the night before.
Title: Re: cyber patriot deadline
Post by: Extremepredjudice on October 07, 2011, 03:12:33 AM
Quote from: N Harmon on October 06, 2011, 02:18:21 PM
Quote from: Extremepredjudice on October 06, 2011, 02:07:57 AM
Besides, how do you think IT security professionals keep sharp? They "battle" each other.

Incorrect, my padawan learner.

IT security professionals maintain technical expertise by examining attack vectors from logs obtained in the course of running a honeypot (http://en.wikipedia.org/wiki/Honeypot_%28computing%29). Nobody with a real reputation to maintain "battles" with other professionals.

There is also a lot more to IT security than protecting against DDoS attacks.

//10+ years as an IT security professional
///For a medium-sized financial institution, not a non-profit who couldn't afford to hire me
I worked for a for-profit company that has over 20 million users, and 60 million hits a day. They were idiots (I am being nice just calling them idiots, trust me [even if you think I am insane on everything else, they really are idiots]. They fired their dev staff to hire more marketing consultants, then wonder why there isn't any development on the client. That is one incident)

Yes, there is more to IT than DDoSing, but it is a good thing to learn. I can't really hack myself (and defend at the same time), other than using scripts or injections.

I know security professionals that do battle each other, it gives them experience, and lets them know how quickly they can react.
Title: Re: cyber patriot deadline
Post by: a2capt on October 08, 2011, 04:39:05 AM
I gather that once the practice session closes, this test target image will no longer get to the desktop, so the only practicing is setting up our own images? Like I can set up some out of the box Win2K images?
Title: Re: cyber patriot deadline
Post by: johnnyb47 on October 11, 2011, 06:54:01 PM
You'll still be able to login to the test target but the scoring engine on the SAIC's servers will be off. As long as you've set the password to something you remember on the target you should be fine.