Honeypots mailing list archives
FYI : First Honeylux Contest (fwd)
From: Alexandre Dulaunoy <adulau () foo be>
Date: Sun, 29 Dec 2002 14:53:57 +0100 (CET)
---------- Forwarded message ----------
Date: Fri, 20 Dec 2002 12:13:43 +0100 (CET)
From: Honeylux-contest () honeylux org lu
To: honeylux () honeylux org lu
Subject: [Honeylux] First Honeylux Contest

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Introduction

Computer Security should be in everyone's mind when connecting computers to the big, nice, shiny and weird world of Internet. Unfortunately this isn't the case for most of the concerned entities and therefore it is often an easy game for attackers to get ahold of machines without being noticed at all. To learn more about such attacks, worms, viruses and so on, the Honeylux project was created.

It is the goal of this project, brought to life by CSRRT-LU, to show mainly to the security community of Luxembourg but also all other interested persons, that security is real and should be taken into consideration. Luxembourg is a small country on a map but when it comes to virtual worlds there are no borders and with this there is no difference if your computer is connected to a Luxembourg network or a US network as it only reflects an IP address. So if you think that connecting a computer to a Luxembourgish network is of no risk because Luxembourg is of no interest, you are already making an error.

In order to anticipate the security thinking amongst the computer community Honeylux was introduced and with HoneyluxR1 we took the decision to put online a small contest called the HoneyluxR1 forensic contest and everybody is welcome to join the rally and win one of the prizes.

The Contest

As it is also the goal of Honeylux to allow the community to learn about forensic environments and how to analyze dumps and tools attackers have left over. The goal out of this is to get a real world example and analyze it by your own means and produce results and comments, have fun with it and learn out of it. If this is not interesting enough, the 3 best submissions will get prizes (details to come).

All we are going to tell you about the system is:

* the system was a GNU/Linux system
* it was connected via ADSL to the Internet
* the Time Zone was GMT+1 (CET)
* the files to download are the tcpdump trace and four tools

Here now some questions and deliverables you should be able to produce for your submission:

1. Identify the intrusion method, its date, and time (be as specific as you can be)
2. Identify as much as possible about the intruder(s)
3. List all the files that were added/modified by the intruder. Provide an analysis of these programs (including decompilation or disassembly where necessary to determine their function and role in the incident.)
4. Was there a sniffer program installed? What else was installed?
5. What is publicly known about the source of any programs found on the system?
6. Build a timeline of events that you can get out of the capture and provide a detailed analysis of activity on the system and on the network.

The Rules

You are free to use whatever tools or techniques you like, provided that the jury is able to readily interpret your results. Provide also the name of the tools you used and how you used them. Nonetheless you should explain your tools and techniques in your analysis and cite references to resources to allow others to learn by example.

You can enter submissions as a team but there will only be one prize given to the team, so up to you then to decide how you share the prize. :-))

All submissions must be timestamped prior to 00:00 CET on 15 February 2003.

All submissions should be sent to submissions () honeylux org lu

The person who hacked the box is NOT eligible, nor are members of the Honeylux Project.

Entries must be written in English.

Get the files

The capture and the tools are available: http://www.honeylux.org.lu/project/honeyluxR1/

Prizes

Thanks to Datarescue http://www.datarescue.com/ and HSC for the prizes.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+AvmTYHTW5uwY8PYRAqCQAJ9YIr4//3anvIb7GCSPy4IEbNAJjwCeP6vJ OHTHAlCG6NNiQ3pXv0zDVZc= =+gvQ -----END PGP SIGNATURE-----