Systems Competition Rules
Let's get it on!
Schedule
The systems competition will begin at 6:00pm Eastern on Tuesday 04/03/2007 and will last for three hours. The competition will be broken up into three sections, each of which will progressively allow additional types of attacks. The schedule is as follows:
Monday 04/02/2007 6:00pm
- The lab supervisor will distribute credentials for each team.
- Your team must verify your credentials. For each account, log in with your username and password and then log out. Do not attack the machine or even look around; just verify your credentials. If something does not work, contact the lab supervisor immediately.
- Begin scanning other machines on the network. There will be other machines on the network besides the team machines. Nothing beyond information gathering is allowed at this stage -- in particular, you are not allowed to use any of the credentials your team received.
- We will be monitoring the network to make sure no one starts attacking early. Any team that does not follow these rules will be severely penalized.
- Monitor your machines to make sure that the other teams are following the rules. If you detect a violation, please contact the lab supervisor immediately!
Tuesday 04/03/2007 6:00pm
- 6:00 - 7:29pm
- Network attacks only - no DoS attacks and no shell access.
- 7:30 - 8:29pm
- Network and shell attacks - no DoS attacks.
- 8:30 - 9:00pm
- All attacks allowed including DoS attacks.
This schedule is not flexible and the competition will not be delayed if some teams are not prepared to begin. Using DoS attacks or shell access before they are explicitly allowed (based on the schedule above, barring the exceptions below) is strictly prohibited and will result in severe point deductions.
Denial of Service Attacks
DoS attacks will only be permitted at the end of the competition (the final window in the schedule). In addition, any DoS attack you perform must be limited in scope to a single victim system at a time. Once it is clear that a DoS attack you are using is succeeding and you have logged the evidence of that, you must cease the attack. The point is to prove that a DoS attack is possible, not to keep a service down. You must not reuse a successful attack against the same system.
There is a gray area in the definition of denial of service which may cause confusion as to whether some attacks are permitted outside of the DoS window. For instance, some failed overflow attempts can lead to a DoS. Additionally, many MitM attack techniques (such as ARP poisoning) can lead to a DoS for some network traffic. In these situations, use your best judgement. You should seek to minimize DoS-like collateral damage when performing attacks early in the competition. If you aren't sure whether a specific attack will cause too much damage, ask the lab supervisor. Finally, be sure to report any problems that appear to be the result of a DoS against your systems to the lab supervisor if it occurs outside of the designated DoS attack time.
There is one exception to this rule: you may conduct denial of service attacks against the honeypot systems at any time during the competition. The same rules apply, however: once an attack succeeds, you must stop, so that other teams can conduct more sophisticated attacks. If you are not sure whether a system is a honeypot and DoS attacks are not yet allowed by the schedule, do not use them.
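The rules above ask each team to watch its own machines and to report DoS-like symptoms, and they single out ARP poisoning as a MitM technique that can knock traffic out. The following is an added example (not part of the original rules page) of the kind of check a team could run on its own VM: it parses two snapshots of the local ARP cache in Linux `arp -n` format (an assumption about the lab OS), flags any IP whose MAC changed between snapshots, and flags any MAC that answers for more than one IP, which is the usual footprint of an attacker inserting itself between a host and the lab gateway. The gateway addresses 10.0.0.253 and 10.0.0.254 are the ones the rules list; the snapshots are constructed sample data, not real captures.

```python
import re
from collections import defaultdict

# One line of Linux `arp -n` output (assumed format), e.g.
#   10.0.0.254   ether   00:11:22:33:44:55   C   eth0
# Header lines and "(incomplete)" entries do not match and are skipped.
ARP_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+ether\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+C\s+(?P<iface>\S+)$",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac} parsed from `arp -n` output."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_duplicate_macs(table):
    """MACs that answer for more than one IP, as {mac: sorted list of ips}.

    A single MAC claiming both the gateway's IP and another host's IP is the
    classic sign of ARP poisoning used to set up a man-in-the-middle.
    """
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def diff_arp_tables(before, after):
    """IPs whose MAC changed between two snapshots: [(ip, old_mac, new_mac)]."""
    return sorted(
        (ip, before[ip], after[ip])
        for ip in before.keys() & after.keys()
        if before[ip] != after[ip]
    )


def arp_alerts(snapshots, watch_ips=("10.0.0.253", "10.0.0.254")):
    """Run both checks over successive snapshots and return alert strings.

    watch_ips defaults to the lab routers named in the rules; a MAC change
    for one of them is tagged GATEWAY because it affects all outbound traffic.
    """
    alerts = []
    tables = [parse_arp_table(s) for s in snapshots]
    for i in range(1, len(tables)):
        for ip, old, new in diff_arp_tables(tables[i - 1], tables[i]):
            tag = "GATEWAY " if ip in watch_ips else ""
            alerts.append(f"snapshot {i}: {tag}{ip} moved {old} -> {new}")
        for mac, ips in find_duplicate_macs(tables[i]).items():
            alerts.append(f"snapshot {i}: {mac} claims {', '.join(ips)}")
    return alerts


# Constructed sample snapshots (not real captures). In the second one the
# gateway 10.0.0.254 suddenly resolves to the MAC that 10.0.0.17 is using.
SNAPSHOT_CLEAN = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.0.254               ether   00:11:22:33:44:55   C                     eth0
10.0.0.17                ether   de:ad:be:ef:00:17   C                     eth0
10.0.0.23                ether   de:ad:be:ef:00:23   C                     eth0
"""

SNAPSHOT_POISONED = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.0.254               ether   de:ad:be:ef:00:17   C                     eth0
10.0.0.17                ether   de:ad:be:ef:00:17   C                     eth0
10.0.0.23                ether   de:ad:be:ef:00:23   C                     eth0
10.0.0.99                        (incomplete)                              eth0
"""

if __name__ == "__main__":
    for alert in arp_alerts([SNAPSHOT_CLEAN, SNAPSHOT_POISONED]):
        print(alert)
```

In practice you would feed `arp_alerts` the output of `arp -n` captured every minute or so and keep the timestamps of any alerts; that log is exactly the evidence the report section asks for when you document attacks detected on your machines, and it tells you whether a traffic outage outside the DoS window should be reported to the lab supervisor.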
Scoring
Your systems will be probed periodically (every 5 to 10 minutes). A point is added to your score each time a required service is found running correctly.
- You get +20 points for obtaining root or Administrator privilege on another team's system and -20 points if another team compromises your system and gains root or Administrator privilege.
- Compromise of any other local user account yields +/-5 points.
- +2 points for each type of successful DoS attack on the required services.
- Other successful attacks may yield additional points, at the discretion of the instructor, depending on difficulty and how well they are documented in your report.
- If you have any configuration difficulties or you are unclear on any specific configuration requirements, please contact the lab supervisor or instructor as early as possible so that you don't get penalized.
Miscellaneous
Do not conduct any attacks from outside of the lab network. This means you must log into one of your lab VMs and initiate your attacks from there. You are not permitted to attack the main lab routers in any way. These systems have the internal IP addresses 10.0.0.253 and 10.0.0.254.
You are not permitted to attack any systems out on the internet. If any attacks originating from your systems are sent to systems outside of those in the lab network, you may be severely penalized. In order to mitigate these risks, your systems will be limited in their access to outside resources once the competition starts.
The only exception to these last two paragraphs is man-in-the-middle attacks. MitM attacks against traffic between the lab systems and external systems are permitted, provided the attack itself originates from a lab system. MitM attacks against connections held by the routers themselves are not permitted.
To make the competition more fun some machines might be placed on the network with weak protections. You might be able to compromise and attack these machines more easily. If you are able to successfully carry out an attack, document it in your brief report.
Report
Document the following in a brief report:
- Attacks that you did and on which machines/services/applications. Describe if you were successful or not. What tools did you use? Provide evidence whenever you can.
- Attacks that you could have done given enough time.
- Attacks that you detected on your machines. Document the type, origin, and success of each attack. Were you able to protect against it later on?