
First-Ever Photo Tour of Defcon's Network Center 128

Kugrian writes "With over 9,000 hackers, freaks, feds, and geeks attending Defcon 16, the temporary wireless network setup there is considered the most hostile on the planet. Run by a dedicated group of volunteers known as Goons, the basement Defcon Network Operations Center is secured by means of a chain-link fence and armed guard. The 20-megabit connection, which is twice as fast as Defcon 15, runs over a point-to-point wireless link to another hotel that has point-of-presence in their basement. Wired's Threat Level blog managed to secure the first ever photo tour of the Center showing Goons, hardware and sniffer dogs." Reader TXISDude, who was at Defcon, doubts that attendance was as high as 9,000. Update: 08/13 18:14 GMT by T : Dave Bullock, the Wired photographer who shot these pictures, backs up that figure, though: "I interviewed Joe Grand, the badge designer a few weeks before the con. They ordered 8,600 total badges. They ran out of badges. There were hundreds of people with paper badges."
This discussion has been archived. No new comments can be posted.

  • WHAT?!?! (Score:4, Funny)

    by Anonymous Coward on Monday August 11, 2008 @01:11PM (#24557571)
    OVER 9000!!!!
  • by Anonymous Coward on Monday August 11, 2008 @01:17PM (#24557655)

    ...is that they are always humping your legs as soon as you put them in promiscuous mode.

  • by gnick ( 1211984 ) on Monday August 11, 2008 @01:18PM (#24557671) Homepage

    ...showing Goons, hardware and sniffer dogs.

    These guys must be extremely high-tech if their security dogs can sniff wireless!

  • seriously, what is so special about this ?

    • by halsver ( 885120 )

      It's the same kind of spectacle as Alcatraz, it's a network that "holds" some very 31337 h@xz0rz.

      • by jacquesm ( 154384 ) <j AT ww DOT com> on Monday August 11, 2008 @01:37PM (#24557909) Homepage

        I highly doubt that :)

        Anybody that claims he/she is a hacker is most likely not.

        These are the 'l33t' script kiddies and such, they couldn't hack their way out of a paper back if someone didn't provide a fill-in-the-blanks kit that they can download.

        Anybody that really is a hacker is already in your system, just not bragging about it.

        It's like lock picking, if you're really good at it you keep your mouth shut so that if some stuff disappears you're not going to be #1 on everybody's suspect list.

        • Re: (Score:2, Insightful)

          by halsver ( 885120 )

          So you are telling me there are no real black hats at this convention?

          Given 9000 people who may claim to be hackers, I'm sure there's one in there somewhere...

          • quite probably, but the people who make a living on the dark side are definitely not going to be in attendance in a place where law enforcement would certainly be represented to keep tabs on 'who's who'.

            If you're a black hat, attending a conference like this would be about as smart as a professional safe cracker attending a conference announced to attract everybody who is somebody in the safe cracking business. If I were a safe cracker for real I'd stay very far away from such an event.

            So, sure there'll be som

        • I don't think the attendees are claiming to be hackers. It is that the event is tailored to hackers so they will likely be present.

          So you take script kiddies, real hackers, government hackers, and so on, put 9000 or so of these in the same buildings and you will expect hacking to happen. Or more aptly, something to happen. But just like lock picking, locksmiths or security experts (hackers attempting to make a legitimate living from their knowledge and contacts) have viable exceptions to being the first pe

        • by blueg3 ( 192743 )

          There are no hackers at Defcon. It's clearly stated that it's social networking for ninjas. Everyone is a ninja.

          Pay no attention to the content of the presentations or who is making them. :-)

        • by tyrione ( 134248 )

          I highly doubt that :)

          Anybody that claims he/she is a hacker is most likely not.

          These are the 'l33t' script kiddies and such, they couldn't hack their way out of a paper back if someone didn't provide a fill-in-the-blanks kit that they can download.

          Anybody that really is a hacker is already in your system, just not bragging about it.

          It's like lock picking, if you're really good at it you keep your mouth shut so that if some stuff disappears you're not going to be #1 on everybody's suspect list.

          paper bag

    • seriously, what is so special about this ?

      Wow... Someone has a serious lack of Imagination. Here is what is special about this:

      These guys manage the most actively hostile network on the planet. Just bringing your laptop/cell phone/PDA within wireless range of this event is asking for trouble. These are the people that put your username/password up on a giant wall of sheep [makezine.com] if you choose to use an unencrypted connection for e-mail/web browsing.

      Have you considered the challenges of maintaining a server in this environment? You are one giant target for the world's largest collection of black/grey/red-hats in the world. Let's just say that there would be a substantial amount of "iStreet-cred" if you were to 0wn the firewall.

      Now, if you read the article, they describe how they set up their wireless network. They keep things very simple and maintain centralized configurations. If you are setting up a network in a potentially hostile environment, their model is a good one to follow. Why? Here [defcon.org] are a few reasons:

      • Users: 2,226 and 3,801 DHCP leases issued
      • 22 Access Points deployed
      • Man-in-the-Middle Attacks detected: 215
      • DoS Attacks: ~80
      • Rouge AP's Detected and Destroyed: 130
      • Wireless Bridges Detected: 300
      • ARP MAC Spoofing Attempts: 836
      • Traffic for the last 30 hours: IN 12gb / OUT 1.2gb

      Think your network can handle that? Let's take a look at one of the interesting ones - the Rogue AP's.

      The people that run defcon (and many of the attendees) eat these attacks for lunch. These people triangulate wireless signals within a high-em noise environment with enough multipath to give K-9 [wikipedia.org] a headache. They manage to actively seek and destroy rogue AP's (not to mention the ARP spoofing!) while maintaining a healthy network. You don't think that's special!?

      Now, what about hardware reliability? Heck, if I had a choice between two pieces of gear and one of them had a "Survived DefCon 2008" sticker on it, I could tell you what I would be picking up. They had a nice Cisco fiber switch (no real surprise) but I have never heard of the Aruba [arubanetworks.com] AP's before. I know I'll at least check them out now. Do you not think that exposing battle-proven hardware to electronics-consuming people is special?

      Look at the software too. BSD & pf. No real surprise there either. When you want ungodly-stable network filtering - that is the way to go. Don't take my word for it. Heck, don't take BSD's word for it. The setup survived the hacker Olympics with no downtime. THAT is what is special about it.

      • Re: (Score:1, Redundant)

        by jacquesm ( 154384 )

        you are living a sheltered life :)

        • Re: (Score:2, Funny)

          by Anonymous Coward
          right, he's got a job in network admin
      • Rouge AP's? (Score:5, Funny)

        by faloi ( 738831 ) on Monday August 11, 2008 @02:07PM (#24558287)
        Are other colors of makeup safer for APs?
      • by Qzukk ( 229616 ) on Monday August 11, 2008 @02:38PM (#24558653) Journal

        Here is what is special about this:

        You missed what was really special about this: If you want into defcon's network operations center, tell them you're from Wired and you just want to take a few pictures. Butter them up real good about how awesome they are for managing such a hostile environment, etc.

        I expect this exploit to not work a second time.

      • by Crazy Taco ( 1083423 ) on Monday August 11, 2008 @02:57PM (#24558889)

        I've never been to DefCon before, so I'm just curious... do people actually get in trouble for any of the things they do there? If you do a man in the middle attack, do people get mad? Or is it just assumed that anyone on this network is fair game and you can 0wn them as you see fit?

        • by blueg3 ( 192743 )

          You'll get in trouble for plenty of things, but not for messing around on the network.

        • Re: (Score:3, Informative)

          by Lockster ( 95288 )

          It's expected. About the only thing anyone's ever gotten in trouble for (specific to the Network) is for stealing equipment (hence the guard, and the dog :)

      • These guys manage the most actively hostile network on the planet.

        Yeah, that's very possibly very impressive, but the photo tour is just boring. They show a stack of a switch, a router and a server, and some other quite un-exotic hardware.

      • by Guspaz ( 556486 )

        Their network setup is impressive. Their connection to the outside world isn't. 20mbit? Less downstream than a good DSL line. And their traffic counts? Pitifully low. 12GB in over 30 hours is under 10% average utilization.

        I see three possibilities:

        1) People just aren't using the internet much
        2) There are so many attacks going on that the network is unusable for actual internet connectivity
        3) People are too busy trying to attack things that they don't bother with the internet.

        • by blueZ3 ( 744446 ) on Monday August 11, 2008 @04:44PM (#24560137) Homepage

          4) Profit!

        • by tyrione ( 134248 )

          Their network setup is impressive. Their connection to the outside world isn't. 20mbit? Less downstream than a good DSL line. And their traffic counts? Pitifully low. 12GB in over 30 hours is under 10% average utilization.

          I see three possibilities:

          1) People just aren't using the internet much
          2) There are so many attacks going on that the network is unusable for actual internet connectivity
          3) People are too busy trying to attack things that they don't bother with the internet.

          This is the United States of America--Las Vegas to be exact. We aren't talking about Japan as far as network performance rates are concerned.

          • by Guspaz ( 556486 )

            The United States of America, where fibre-to-the-home is available in many markets at speeds of up to 50mbit down and 20mbit up?

      • Think your network can handle that?

        Sounds like a typical day at a large corporate network.

  • ZOMG! (Score:3, Insightful)

    by JCSoRocks ( 1142053 ) on Monday August 11, 2008 @01:21PM (#24557695)
    They've got... network cables! and, and, switches and stuff! There's even some fiber there! It's almost like they're trying to get a bunch of people on the Interweb... crazy.
    • Re:ZOMG! (Score:5, Funny)

      by QuantumRiff ( 120817 ) on Monday August 11, 2008 @01:55PM (#24558135)

      So, which side of the firewall is the "untrusted" side at defcon? Do they protect defcon from the internet, or do they protect the internet from DefCon?

      • Re: (Score:3, Informative)

        by Lockster ( 95288 )

        So, which side of the firewall is the "untrusted" side at defcon? Do they protect defcon from the internet, or do they protect the internet from DefCon?

        We do a bit of both, actually.

    • This is really a lame non-story. A technical document of the map and setup of their network might be interesting (though obviously too technical for Wired) but this? Am I supposed to be impressed? I see more Cisco gear on a daily basis and I don't work for a particularly large department. That's not to knock the Defcon people, they get the amount of gear they need to do the job, not to look impressive. However Wired should find something better to report about, especially if they are doing a photo tour. I c

    • Re: (Score:2, Funny)

      by Jawnn ( 445279 )
      So it really is just a series of tubes. Imagine that.
  • by b96miata ( 620163 ) on Monday August 11, 2008 @01:24PM (#24557729)
    I only just got back from defcon 16, and already I missed 20?
  • > DefCon 20

    It's DefCon 16 this year.
  • The dog is security theatre but little substance.

    They don't really need to sniff your crotch like that but they like to.

    • Re: (Score:3, Funny)

      by Lost+Found ( 844289 )
      The dog is to make sure no one sneaks in drugs and gets the router high.
    • by bugs2squash ( 1132591 ) on Monday August 11, 2008 @01:41PM (#24557951)
      The dog is to keep the techs away from the equipment for change control purposes.

      It completely replaces IT management at a fraction of the cost.
    • I think the dog's presence is little more than getting it used to crowds. The article said it is a rescue sniffer in training so I guess it might come in helpful in finding people attempting to hide behind something in hopes to have access to a room after everyone leaves. Of course there is always the protect your master instinct in case they get attacked for some reason.

      But for the most part, I think it is little more than a couple of Goon's pet working dog and they found an excuse to not put him in a kennel

      • Re: (Score:1, Flamebait)

        by SQLGuru ( 980662 )

        Perfect place for training ~9000 unwashed hax0rs is equivalent to a crowd of 50000 "normal" people.

        • not really. 9000 people that all smell different is easier for the dog than 50000 people that all smell like the same soap.

  • by 192939495969798999 ( 58312 ) <[info] [at] [devinmoore.com]> on Monday August 11, 2008 @01:31PM (#24557821) Homepage Journal

    If these guys wanted any kind of openness with security, these pictures would be on the DEFCON index page instead of some kinda "security through obscurity" nonsense where only just now are we seeing how they are running the network. If it gets hacked, that should be part of the conference -- how it was compromised, what to do to protect it better, etc.

    • Better yet, they'd completely open up the whole spec, wiring diagrams, software versions and all. Just a couple of pictures of some old gear really don't mean much (and could be disinformation!).

    • I'm not sure they were intentionally looking for openness here. I think it was more promotion and so on. Allowing access to the infrastructure that runs the event is most likely a way to get another news story going.

      I'm not exactly sure where their wants for openness lie in regard to the event. I know they will be discussing a lot of vulnerabilities and so on. I have seen quite a few articles on the setup before the event as well as into it. I'm not sure how this is even close to security through obscurity

    • by cromar ( 1103585 ) on Monday August 11, 2008 @02:48PM (#24558771)
      Everything is crackable; it's a good idea to be obscure most of the time. Relying on obscurity as your only defense is what is a bad idea.
    • Re: (Score:3, Interesting)

      by mxs ( 42717 )

      Blah Blah Blah.

      The first rule of cybersecurity is to have physical security. This is not security by obscurity, at all. The DEFCON network is not the focus of the DEFCON conference, so no, it should not be on the front page. Cracking the DEFCON network is not the (primary) focus of the DEFCON conference so no, there should be no need or competition to -- especially since crap like that usually results in packeting instead of actually interesting attacks. You also seem to assume that a post-mortem analysis o

  • by nweaver ( 113078 ) on Monday August 11, 2008 @01:36PM (#24557881) Homepage

    The Defcon network is bad if you are a sheep, but if you just treat it like you are going to visit China (with a return trip through US Customs), it's not that bad...

    New system, everything through an SSH tunnel, only your necessary working set, and temporary login credentials to throwaway accounts, and it's all good!

  • "...wireless link to another hotel that has point-of-presence in their basement"

    boy, they truly make everyone feel right at home!

  • by LM741N ( 258038 ) on Monday August 11, 2008 @01:42PM (#24557965)

    please don't pee on the routers!! You will void Cisco's warranty.

  • by zappepcs ( 820751 ) on Monday August 11, 2008 @01:45PM (#24558019) Journal

    Yes, their network setup looks.. uhmmm... temporary and built with something less than a multimillion dollar budget. So, how would you build a wireless network for '9000' hackers?

    Pretend you have some assets already plus $10,000 to spend. How would you build the temporary network?

    I've seen a lot of 'how they did it' infrastructure articles, and lots of smirking here, so how would YOU build that network?

  • by Broken Toys ( 1198853 ) on Monday August 11, 2008 @01:48PM (#24558057)

    A bunch of world class hackers set up a wireless network.

    What could possibly go wrong?

  • I truly thought I was going to see something spectacular. Better keep those pictures in file, rather than on the web.

  • by doodzed ( 35795 ) on Monday August 11, 2008 @02:03PM (#24558235) Homepage

    Try going to Europe. Last time I went to the CCC Congress in Berlin the uplink was 600 mbit. They usually put up signs on the second day stating "use more bandwidth."

    Usually crappy US show network. Go over to Europe where they know how to put on a show. Very few rules and even those are flexible.

    Oh, and the number of machines stolen over the past 23 years can be counted on one hand.

    http://events.ccc.de/congress/2005/fahrplan/attachments/652-slides_network_review.pdf

    • I don't remember anyone saying it's fast actually, unless you broke rule number one and RTFA. Why would you go to DefCon or any other con for that matter to sit on the internet?
    • by stsp ( 979375 )

      Try going to Europe. Last time I went to the CCC Congress in Berlin [...]

      Oh, and the number of machines stolen over the past 23 years can be counted on one hand.

      Yes, because you don't have to go through US customs on your way to the conference :)

  • I am not sure of the exact attendance, but Joe Grand made over 8,000 circuit board badges. If I recall correctly, the number was 8,500. I heard that by Sunday they ran out of badges and some people were stuck with the paper badges. Most people I saw this year did have the circuit badges by Sunday. Of the ones that did not, I don't know how much over 8,500 it is, but I suspect the "over 9,000" is probably overstated.

    DT didn't give an attendance amount at the wrap up this year, so I don't know what the of

    • The reason there were so many badges is that speakers have the option of receiving their honorarium (small payment for speaking) in the form of three "Human" badges instead of cash. This is a very popular option because the badges are usually some really cool piece of kit and people want to play with them.

      • The roster shows 121 speakers. If all of them opted for the three badges that would only add up to 363 badges. I do remember Joe saying the total number of badges ordered was at or over 8,500 (he gave a specific number, but I don't remember it). There were also badges for vendors, press, goons, and "hackers" (black badges). So "human" badges were probably 8,000, with the rest of the 500 made up of the rest of the colors. So even if you removed the ones given to the speakers, we would still be talkin

  • pf Config (Score:4, Interesting)

    by nuxx ( 10153 ) on Monday August 11, 2008 @02:09PM (#24558303) Homepage

    TFA says that "...a quad-core Xeon running OpenBSD and employing pf to filter and shape traffic" is in place. I think it'd be excellent if they'd release the config for this so that we may all learn from it.

    Release it after the con, that is, just in case there's a hole found in it...

  • Volunteer (Score:2, Insightful)

    by Anonymous Coward

    Um...these volunteers set this up for free. Sure they could have spent serious $$$ on providing free wireless to a bunch of miscreants who are too cheap for mobile service and wired it up to look prettier. That's not the point. Unless you are volunteering to bring out your equipment, and set up and run this show, and do it just as securely and reliably, a simple THANK YOU will do. Otherwise, STHU. As wise old Ben said "Any fool can criticize, condemn and complain and most fools do."

  • Old internet meme that was snuck in. This video [youtube.com] might shed some light on it.
  • Over 9000 (Score:5, Informative)

    by Danny Rathjens ( 8471 ) <slashdot2NO@SPAMrathjens.org> on Monday August 11, 2008 @03:32PM (#24559259)
    "Over 9000" is a joke/meme, Timothy. http://www.urbandictionary.com/define.php?term=over+9000 [urbandictionary.com] http://www.encyclopediadramatica.com/Over_9000 [encycloped...matica.com]
    • Re: (Score:2, Informative)

      by eecue ( 605228 )
      I didn't mean it to be a joke. Defcon made 8,600 badges. They ran out of badges and there were hundreds of folks with paper badges.
  • During Defcon III it was all we could do to find a POTS line. This is pretty spiffy, and more than I would have expected if I were to attend. Defcon 6 had some internet thing going, as well as a large piece of butcher paper with usernames and passwords from those refusing to use secure channels.

    I guess this would naturally be the standard evolution of things.
  • The Heat Map [wired.com] planning tool looks pretty nice. Does anyone know the name of this tool? I'm squinting at the image, but I don't recognize the interface and can't read some of the words.

  • A question,

    There's mention of Aruba's Analytics and Threat Prevention System.

    How does ForeScout Technologies' ActiveScout Intrusion Prevention Appliance stack up? - for those of you that know.

    Much thanks.

  • 20Mbps? Are they kidding me?

    PyCon 2008 used a 45Mbps DS3 [tummy.com].

    And, then, that's nothing compared to SCinet [supercomp.org]

    • Re: (Score:2, Insightful)

      by Lockster ( 95288 )

      Did you actually read the page that you referenced? I mean all the way through?

      PyCon 2008 used a 40Mb wireless connection @ 40Mbs, not a DS3. Dropping a DS3 in for a temp event is big bucks (try it sometime!)

      Now read their utilization graph. If they had 20Mb, they'd have been perfectly fine (they only spiked above 20Mb a couple of times). So let's say you're paying the $15-20K to drop in a DS3 to a hotel. If you could pay significantly less with no realistic impact to service, wouldn't you?

      How many cor

  • Is 20 Mb supposed to be impressive? The Gathering (a Norwegian computer party) had a 3 Gbit connection this year. http://www.gathering.org/tg08/TG08Nettverk.html [gathering.org]