Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

Computer Attack and Defense As Spectator Sport 142

zanbar writes "There was a Slashdot story in March about the Alamo Drafthouse in Austin -- using WiFi in a theater. On Jan 11th, an event at the Alamo will combine video with wireless. LinuxTopGun.org gives details about a series of computer network attack competitions going on tour through North America. They bring in a Linux/Apache web server, a bunch of teams bring in their laptops and attack it over a wireless network. Teams take turns onstage defending the server and then answering audience Q&A about their strategies. MCs interview competitors and explain network attacks to the audience. DJs mix and VJs flip live video with network visualization software -- animations like in the movie 'Hackers.' Judges award points for how well competitors perform, both online and onstage, and the top teams win prizes... It's like watching computer attacks as a live sport. There is also some discussion taking place in #ltg on efnet."
This discussion has been archived. No new comments can be posted.

Computer Attack and Defense As Spectator Sport

Comments Filter:
  • Geek Olympics!
    • Here let me go ahead and sum up what will really be happening: script kiddy heaven (need I say more). I'm sure the other peer computers will be attacked just as much as the server, because script kiddies love getting new toys.
      • script kiddy heaven

        I don't think that they'll give script kiddies any chance at all. It won't be to hard to set up the victim server in a way that no "script" exploit will work. At least it *should* be no problem for insiders of the cracking/hacking scene.
  • by ostiguy ( 63618 ) on Sunday December 22, 2002 @02:19PM (#4941111)
    Magic 8 ball points to very doubtful.

    ostiguy
  • worst idea ever (Score:3, Interesting)

    by atarrri ( 580364 ) on Sunday December 22, 2002 @02:20PM (#4941118)
    People watch movies like swordfish and think people can break into a network in under a minuite while getting their knob schlobbed. The truth is hacking is a lot slower in real life. I would rather watch the pong channel.
    • that climaxing right at the moment of guessing the root password to a nice big supercomputer would be so choice.
    • Junkyard Wars? (Score:5, Interesting)

      by SHEENmaster ( 581283 ) <travis&utk,edu> on Sunday December 22, 2002 @02:36PM (#4941199) Homepage Journal
      Junkyard wars is 12 hours long (10building+1tweeking+1competing), but when slimmed down to an hour TV show it is one of the best things on tv.

      Why?

      Because they talk with the teams, and explain the engineering behind the plans. I think that by having teams rather than individuals compete, with a team radio or something that the audience could listen to it would be worth attending/watching.

      How long does my younger brother have to wait for the cartoon?
      • Re:Junkyard Wars? (Score:2, Informative)

        by gmhowell ( 26755 )
        How long does my younger brother have to wait for the cartoon?

        There is a kids version on Saturday mornings on NBC. I think it is called "Operation Junkyard".

      • Something else JW has is explanatory graphics. This should be done here too - it wouldn't be hard to anticipate what the teams will be up to.
      • I dunno about Junkyard wars... The more I watch it the more I think the hosts/interviewers are just patronizing the contestants. ("What a bunch of pencilheads! Let's all get together and give them swirlies after the show!")
  • by kfg ( 145172 ) on Sunday December 22, 2002 @02:20PM (#4941121)
    I'm not a crook or a terrorist for God's sake. I'm in *training.* Coke is talking contract and they're considering me for a color commentator position with "Monday Night Crack."

    Oh stop crying Ma. That does *not* mean I'm a junkie.

    Jesus I've gotta move out of the basement and find my own place.

    KFG
    • God, that reminds me...me and my brother were in the backseat of the car, beaming programs between my IIIc and his new Treo (the bastard!). Eventually we're up to the hacks (he didn't have the magictext hack!) and my mom turns to dad and says "Cripes! We've got criminals for sons! They're hacking back there!" :)

      Try explaining /that/ to someone who's barely comfortable with windows :)
  • by deft ( 253558 ) on Sunday December 22, 2002 @02:20PM (#4941123) Homepage
    if they have trouble with video game tournaments getting mega-popular, i cant imagine how hard it will be to promote the local ghost white chubby kid typing away at a command prompt.

    "wow, he typed a string of commands... the crowd hushes"

    • deft writes:
      "wow, he typed a string of commands... the crowd hushes"

      This sounds about as exciting as ...uh ...hm. Golf.

      Hey, maybe this does have some potential...
    • it is - in fact - quite entertaining to see. one of the greatest things is that even as a spectator, you can participate. the network is open to anyone who wants to attack. even better, if you participate on a team, it's fun to 0wn every other team out there. there does happen to be some commentary going on during the competition as to what is going on, so that the audience has a good idea as to what is going on. it's really a matter of interest whether on not you find this kind of thing entertaining. personally, i find baseball incredibly boring. hacking competitions, on the other hand, are very entertaining to me. it's very much a competitive team sport.

      NcongruNt

      Team Austin2600
      austin2600.org [austin2600.org]
    • I would love to attend an event like this. The learning possibilities would be nearly endless for someone like me. Something like this is unbelievably fascinating to me, and would prefer to watch it than the latest Quake or Unreal match (and i was pretty into the hardcore Q3 scene a few months ago).
    • Hey, they showed Magic: the Gathering tournaments on ESPN2 a while back. In Korea they show video games and go matches on television. Live hacking competitions surrounded by a techno music video doesn't sound so bad, really.
  • Why not put phone booths up where the guys who are doing the hacking will go, and kit them out with bizarre headsets (with no apparent function) and laptops that have been doused in spray paint.

    Hack the planet!

    And yes, I am kidding :)
  • by treegnome ( 324068 ) on Sunday December 22, 2002 @02:22PM (#4941130)
    It's like watching computer attacks as a live sport.

    As the geeks slowly take over the earth, and the collective physical fitness of the human race goes down.. we'll be seeing this at the Olympics one day.

    Awesome.
    • Not far fetched considering the recent announcement of inclusion of Ballroom Dancing in the Olympics.
    • .. we'll be seeing this at the Olympics one day.
      COMMENTATOR 1: Okay, it looks like Scott is making his move. He's reaching into the mini-fridge. Let's see what he has in his arsenal. It's probably a Jolt... It's... It's...

      COMMENTATOR 2: Oh my God! He pulled out a Mountain Dew! Folks, jaws are dropping.

      COMMENTATOR 1: But don't count out Jimmy yet from the Canadian team... he's ... he's ... Yes! he's pulled out the Perl manual. Ooh ... looks like it's only Perl 5. I don't know what he's thinking.

      COMMENTATOR 2: Sacrificing features for stability. That's a rare move in this sport...
  • by saskboy ( 600063 ) on Sunday December 22, 2002 @02:24PM (#4941147) Homepage Journal
    Isn't this like watching paint dry compared to... UNREAL touraments?

    Why would I watch hackers hack, when I can see graphics of blood and gore in a game of tag that even an ape can enjoy and understand?

    I mean, I'm a geek, but this just seems a little too bizzare for all but the uber-geeks of the world.
    • You know, I've noticed that the really good players aren't often as fun to watch any more. I mean, it's still fun to watch them play the slower-paced games like tactical ops (for example) because then when they're being a badass, it's like a movie. People aren't running around (typically) at 150% speed. But when you're playing double-speed instagib low-G CTF it's like everyone is a goddamn super-high-bouncing-ball (aka superball) and everyone is firing at each other like a goddamn neuron... BLAM BLAM BLAM BLAM BLAM.

      Now, the fun games to watch are the really pretty space combat sims like freespace 2 for example, which is old enough to now play at high resolutions on mediocre machines. I have a tbird 1.4 gig with a gf3ti200, which is way more machine than you need to play THAT... And it looks especially pretty at 1024x768x32bpp which was only barely playable on my old config (GF2MX400, Athlonclassic 700.) They're pretty, they're accessible thanks to years of prime-time sci-fi programming (TELEVISION programming) and they're epic.

  • Ping? Ow! (Score:5, Funny)

    by LinkDJm ( 591686 ) on Sunday December 22, 2002 @02:25PM (#4941153) Homepage
    I want to see a DDoS illustration using people and ping pong balls. Now that's edutainment!
    • by Anonymous Coward
      It's only educational if the ping pong balls at Bill Gates, or hand grenades at Hillary Rosen. Maybe it'll become a Fox special. :)

  • Hackers? (Score:3, Insightful)

    by jaymzter ( 452402 ) on Sunday December 22, 2002 @02:29PM (#4941165) Homepage
    and VJs flip live video with network visualization software -- animations like in the movie 'Hackers.'

    The movie 'Hackers' had nothing to do with computers or reality for that matter. Please don't feed the trolls.
    • While you have a very valid point, the visual animation of the attacks does look quite similar on the surface to that in hackers.

      See here [unm.edu].
    • Re:Hackers? (Score:3, Funny)

      by Zeebs ( 577100 )
      Crp, ou man if t's not ood if i sray aint my laptp kybard?
      • I spray painted my entire computer case, monitor, and keyboard silver with blue cloudiness and a blue stripe on the case. Why? I don't know... It did look pretty cool. Coincidentally it was shortly after I first saw the movie hackers.

        No, I didn't have any problems typing, because I can type with my eyes shut. If I make a mistake, I feel it, and hit backspace without even needing to see what's on the screen.
  • Net visualizations? (Score:5, Interesting)

    by .@. ( 21735 ) on Sunday December 22, 2002 @02:30PM (#4941169) Homepage
    I wonder what network visualization tools they're using? It'd be interesting to see what visualization tools are compelling enough to use in a spectator sport.

    I checked the site, but there was only a link to one.

    Does anyone else know of any dynamic, visually-interesting (and preferably free) visualization tools? Something like this might be a big hit if done at conferences and the like. I'd like to introduce them to a few I attend.
    • by Mike1024 ( 184871 ) on Sunday December 22, 2002 @02:57PM (#4941285)
      Hey,

      I wonder what network visualization tools they're using? It'd be interesting to see what visualization tools are compelling enough to use in a spectator sport.

      According to the (not very impressive) website, they're using HackerPacket 1.0 [unm.edu].

      Description:
      HackerPacket is a tcpdump utility inspired by "The Gibson"

      Features:
      Uses Winpcap for packet trapping
      New Towers spring up on new host connections
      Packets are designated by particles coming from the buildings.
      Raw incoming packet information is displayed on the towers, along with IP address
      w,s,a,d to move and e to lock the camera.


      So apparently it will literally include animations like in the movie 'Hackers.'

      Michael
      • Yes, but they're using others as well. That's but one of many...I was curious what others they were using, or perhaps what other visually captivating, dynamically-updating network visualization tools other folks might be aware of.
    • by Anonymous Coward
      Network Intelligence, http://www.networkintelligence.biz provides a near real-time 3D view into network topology and traffic visualization (using OpenGL). It's not really designed for LAN use though and works better with WANs. It's also not free for commercial users.
    • some of the g-cipher crew in Austin are working on making an open-source solution. look for it in a couple months.
  • Like NASCAR (Score:3, Funny)

    by snitty ( 308387 ) on Sunday December 22, 2002 @02:36PM (#4941198) Homepage
    This is the kind of thing you only watch hoping someone gets hurt. Whether it be the server or a sudden case or carpal tunnel.
  • by HealYourChurchWebSit ( 615198 ) on Sunday December 22, 2002 @02:37PM (#4941203) Homepage
    Laptops used attack over a wireless network? Teams take turns onstage defending the server?

    Bah, Feh!

    Whatever happened to the good-old-days of experimental theatre when the audience was encouraged to take off _their_ clothes and join the fun onstage?!

  • wow! (Score:1, Insightful)

    by RyLaN ( 608672 )
    I can get all my 8th grade l337 friends, and we can go clean up!! what fun, a competition for script kiddies...maybe we could hax0r the dj box..
  • Linux Top Gun (Score:5, Interesting)

    by yar ( 170650 ) on Sunday December 22, 2002 @02:44PM (#4941231)
    Naysayer's to the contrary, it's actually an interesting event.

    I attended part of the last LTG at Mojo's Daily Grind [mojosdailygrind.com]. There were many, many people there participating and watching, and you have a lot of opportunity to meet new people. The actual "hacking" was slow, but there was music and a projector screen showing what was going on, if you could follow it. One of the better features was that after their attempts each team would have a Q and A session with the audience. I'm looking forward to attending the next one at the Alamo [drafthouse.com]...
    • they usually want to know why I changed their root password...

      and why their homepage has strangely changed to Slashdot...

      and why all their friends recieved bizarre emails from them...
  • Next: All-Star Core Wars [corewars.org] ....
  • by Mike1024 ( 184871 ) on Sunday December 22, 2002 @02:50PM (#4941255)
    Hey,

    My main question would be: How are they going to make this interesting?

    I mean, computer security usually means good network structure, strong passwords, turning off services that aren't required, and keeping up to date with patches. And they almost certainly won't allow rewiring (i.e. firewall installation).

    And the red team institutes a password requiring passwords to be 18 charachters long, and not found in any dictionary! The crowd goes wild!

    Oh, and the blue team schedules an automatic twice daily apt-get of all updates! Surely the red team are done for?!

    But no, the Red team have found a finger daemon they missed, and deactivated it! This is turning into a very close contest!...


    Of course, the website talks about support by models from Hot-Tool Fashion Crew [gbronline.com]. So it could be good.

    But it'll be hard.

    Michael
    • So they're selling this with girls in metal bras? That will probably work. People would watch a show with guys filling out tax forms if it was accompanied by models in fetish wear. Thanks Comedy Central.
    • by meridian-gh ( 584679 ) on Sunday December 22, 2002 @04:49PM (#4941631)
      At CTF [ghettohackers.net] at Defcon [defcon.org] the Ghettohackers [ghettohackers.net] had the teams attacking each other, instead of a central server. They were given an custom distro of linux that was specifically engineered to be horribly insecure. In addition, in order to score points, they had to keep some of these insecure services running. So they couldn't just boot off their CD Image of OpenBSD, and sit there and chuckle. They had to keep things like Finger, and Telnet working and functional in order to get points.

      This meant that the "action" starts off hard and heavy. We saw people rooting and getting rooted right away.

      To make things a little more interesting, we designed the scoreboard after the NASDAQ Big Board, and projected it on two walls. The teams' scores were displayed as stock prices. The scoreboard was also played over the Alexis Park television system. We had news updates on the status of the teams every so often.

      Of course, we didn't broadcast the action as a cute little 'gibson' visualization. Nor were their live DJs (We used pre-set playlists). However, people still seemed to get a kick out of it. You could see the whole room go quiet and stare when a news update would come on...

      Next year is going to be even better (Yes, this is a bit of shameless promotion).

      R

    • Of course, the website talks about support by models from Hot-Tool Fashion Crew [gbronline.com]. So it could be good.

      Worst website EVAR.

    • Having been at the last one, I can comment:

      They allow very little prep time (about 5 minutes, IIRC, from an insecure-by-default Red Hat install). Thus, it's not a matter of who can make the most secure box; it's a matter of who can close the holes which are most likely to be exploited *quickly*. So instituting a password policy is fine, but you still need to take the time to change the passwords, or run that apt-get (which means you need to first install apt-rpm and do an initial update, all of that taking up your precious prep time).

      Now, I ended up walking downtown and strolling around on 6th street, and so missing a fair bit of the action... but what I was there for was not entirely uninteresting, if for no other reason to see the huge antenna put up by the 2600 team.
  • by BSOD from above ( 625268 ) on Sunday December 22, 2002 @03:07PM (#4941303) Homepage

    -Well Norman, looks like team 1337 is going for the Port 24567 vulnerability.

    -Yes Edmond, but I think that h4x0r's defenders probably have that patch on disk.

    ...on and on...

    -(9 hours later)Oh, 1337's coders were just using that as a distraction while they sniffed other open ports.

    -Well Ed, looks like team 1337 has really got a 'handle' on the buffer overflow.

    -Thanks, Norm, looks like this could be the end for h4x0r. We'll be back with highlights after the break.

    hazardfactory.org [hazardfactory.org]

  • I would pull out my Network card!

    H4X0R that, beotch!
  • Will Angelina Jolie be guest emceeing?

    Will it look and sound like Rez?
  • by digital photo ( 635872 ) on Sunday December 22, 2002 @03:55PM (#4941371) Homepage Journal

    I'm thinking back a few years... actually, quite a few. There was a game called "CoreWars". Bell labs , I think.

    It was one of the first, if not the first, kind of game where software was programmed to attack each other and basically be "kind of the hill".

    Anyways, I'm thinking that the only real way to make a "hack" session interesting is to have a visual aspect, which is what corewars had. You both wrote your code. Put it into the system's core memory, then let them rip. You'd actually be able to see the memory map being consumed by the programs.

    Too bad the same can't be said of people breaking into systems, that is... unless you have a massive network of say... 5000 systems and they have a "flag" system so as they are taken over and used, their "allegiance" color changes.

    But do these people actually have any idea how long that takes or how numbingly boring it is?

    1. Start script to scan
    2. Wait for scan.
    3. Wait for it...
    4. Still waiting...
    5. Got hit and adding to list.
    6. Going back to waiting...

      It would be interesting to see what they come up with, but I think maintaining systems and fending off network abusers is "interesting" enough without turning it into a sport.

      Especially true people make some associations between your particular "style" and some criminal files which are still open on a detective's desk. Yes, that can become quite interesting in a spectator kind of way real fast.

  • All their visualization software did was crash my PC. Neat.
  • As a member of a newly cobbled together group of 'entry level' security analysts I am looking at this as an example of something we may put together for our lab in order for us to gain more experience in this area. We have a number of OSes and a few lab computers as well as some of our own personal 'lab' computers to work from. [Many years' IT experience this is our first security job so we start by yep, you guessed it, watching IDS sensors but it is good learning].
  • Okay, so they're going to use network visualization software to make it look more interesting to the audience. It'll probobly be way too flashy and 'Hollywood' to be useful.

    Here's a question - Does anyone know of visualization software that would be actually useful in detecting patterns or attacks in network traffic?
  • by Anonymous Coward
    Rather than setting up a specific new target, just select a spammer, or a website that a spammer is advertising and take it off line for good. Find the spammer and melt it down.
  • Mirror (Score:2, Informative)

    by PFAK ( 524350 )
    Took the liberty to setup a mirror for topgunlinux, as it has been /.'ed and the downloads of the videos are slow, you can find the mirror here [trono.org]..

    Have fun :)
  • I don't imagine that there will be too many available connections left to watch on after the NSA and FBI bogarts most of them to monitor things for themselves. I don't see them missing out on the opportunity to watch a crapload of different approaches to cracking all at the same time from the crackers' perspectives. That'd be like them not bothering to watch an international bank robbing competition.
  • Another good reason to head down to the Drafthouse. The Two Towers there was sweet. Unfortunately I'll be at CES when this event happens. :(
  • Since they're attacking it over a WiFi link, can't the server team jam the WiFi band? What about non-geek methods, aka Human Engineering hack attempts?
  • Sport? (Score:3, Funny)

    by j_kenpo ( 571930 ) on Sunday December 22, 2002 @04:42PM (#4941603)
    Now this might be a sport worth watching if they were hacking the server while being chased by FEDS with clubs and tasers, that would add some sport element to it.
    • actually, some of the participants have been chased with a taser by the organizer of this event. but it's all in the past... or is it?
  • Technology rolls on (Score:3, Interesting)

    by GeckoFood ( 585211 ) <geckofood@@@gmail...com> on Sunday December 22, 2002 @05:07PM (#4941716) Journal
    I guess we have all outgrown the days of C-Robots and CoreWars... *sigh* I know, I know, it was just real cheesy pseudo-animation, but for its day it was pretty cool.
  • by sawilson ( 317999 ) on Sunday December 22, 2002 @05:43PM (#4941850) Homepage
    It's a proven fact that more people hack Windows
    than Linux. I think they'd open the competition up
    to more people if they use the number one operating
    system for the target. There is an enormous pool of
    MCSE's nationwide they could draw upon to defend the
    windows server. I personally think that would be a
    lot more fun to watch. *cough* *cough* :)
    • yeah, i can see it now......
      "and here they go, as they race to get each patch downloaded and reboot the server, over and over again before their preparation time is up and the server goes LIVE"
      "oh! it's a blue screen of death!"
      "and now, to bring out the secret weapon..... THE NIMDA VIRUS!! can the defending team download the patch in time???"
      -seriously lame
      ianawu (i am not a windows user)
    • It's a proven fact that more people hack Windows than Linux.

      It is? Links please?

      I suppose it would also help to know how we are using the word "hack" today too...

      Also, it's a little hard to make on-the-fly patches to a system with closed source.

      -Tommy

  • by Neologic ( 48268 ) on Sunday December 22, 2002 @05:43PM (#4941851)
    While this idea sounds like it might be rather slow paced, I think this would be a great idea for an advanced network security class. The class is divided up into teams that is responsible for admin'ing a server. They have to keep it up while attacking the other team's machines. You get to learn about system admin as well as actual hacking techniques and defenses. I wish my school had a class like this...
  • in real-time, it would be slow as people are complaining about.

    But, like soap operas, on the Net, you could log in, check out what's happening, get alerts when something interesting is goining on...

    And while you're online, with streaming video, you can watch the hot babes (call them "Hacker Hooters Girls"!) while nothing else is going on...

    Get your porn and your hacking at the same place!

    Look at it like Survivor - who woulda thought something that stupid would take off?

    This could be interesting if "done right" - unfortunately nothing is ever "done right"...

  • by Eberlin ( 570874 ) on Sunday December 22, 2002 @06:35PM (#4942058) Homepage
    Today's secret ingredient is...a Tux webserver!!!

    Fuki San! (yes, go ahead!) The challenger is now going into the KDE menu and invoking nmapfe!

    (one of the guest judges:) Hahaha, he'll soon find out that the people running the server took notes from a different competition and firewalled everything but port 80 on the server.

    Fuki San! (yes!) The Iron h4x0r Linux commented on the challenger's methods by saying true l337 people run nmap from the command line. The Iron h4x0r has also already discovered that only port 80 is open and is now launching a brute-force attack on any default CGI scripts the secret server may have installed.

    Ah yes. They could call it the I 0w|\| j00 Stadium and have Iron Cracker for Linux, BSD, Solaris, and I guess Iron Cracker Windows would be like "Iron Chef TV Dinner" or something.
  • "...animations like in the movie 'Hackers."

    Hmmm.. There's a sure way to de-value your sport.
  • If you could tie things like Telnet and different port acess points to map locations and then have to fight to gain control of those areas and then have people doing the actual hacking while your team is fighting for control... I think this could have possibilities.

    Imagine having areas where you could gain access to a root terminal, password files etc... Combine the high adreneline of FPS game with the slower meta game of hacking the other guys system. Make the ultimate goal cutting off the other teams access to the game server or something like that.
  • Maybe I missed it, but I see no reference to this "showing" anywhere but the Alamo. Did I miss a link somewhere?
  • In Austin. They had it at Mojo's Daily Grind, a local coffee house. It sucked, frankly. There were about 20 people there and it was pretty lame. I left like right after I got there. Frankly I'm surprised this is getting slashdot coverage. If the next one is better, maybe.. but if it's anything like the last one you'd be wasting your time going.
  • This is by far the geekiest thing I have ever heard of in my entire life.
    PS. I'd probably go watch
  • I suggest they change the concept.
    They should call it Crash-It-UrSelf and give the winner a new linux box.The one who crashes his box beyond repair first is the winner.

    Better not come in second :-)
  • If the assaults are carried out over wireless,
    the best defense we can do is enclose the whole thing in a faraday cage, that should do the trick.

    Alternatively, the best defense is a strong offense, so a modded microwave oven with a waveguide attached could be used to toast the suckers.
  • This quote is taken from the Diamondback, the University of Maryland
    student newspaper, of Tuesday, 3/10/87.

    One disadvantage of the Univac system is that it does not use
    Unix, a recently developed program which translates from one
    computer language to another and has a built-in editing system
    which identifies errors in the original program.

    - this post brought to you by the Automated Last Post Generator...

If all else fails, lower your standards.

Working...