Honeypots mailing list archives

FYI : First Honeylux Contest (fwd)


From: Alexandre Dulaunoy <adulau () foo be>
Date: Sun, 29 Dec 2002 14:53:57 +0100 (CET)


---------- Forwarded message ----------
Date: Fri, 20 Dec 2002 12:13:43 +0100 (CET)
From: Honeylux-contest () honeylux org lu
To: honeylux () honeylux org lu
Subject: [Honeylux] First Honeylux Contest

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Introduction

Computer Security should be in everyone's mind when connecting
computers to the big, nice, shiny and weird world of
Internet. Unfortunately this isn't the case for most of the concerned
entities and therefore it is often an easy game for attackers to get
ahold of machines without being noticed at all.

To learn more about such attacks, worms, viruses, and so on, the Honeylux
project was created. It is the goal of this project, brought to life
by CSRRT-LU, to show mainly to the security community of Luxembourg
but also all other interested persons, that security is real and
should be taken into consideration. Luxembourg is a small country on a
map but when it comes to virtual worlds there are no borders and with
this there is no difference if your computer is connected to a
Luxembourg network or a US network as it only reflects an IP
address. So by thinking that connecting a computer to a Luxembourgish
network is of no risk because Luxembourg is of no interest, you are
already making an error.

In order to anticipate the security thinking amongst the computer
community Honeylux was introduced and with HoneyluxR1 we took the
decision to put online a small contest called the HoneyluxR1 forensic
contest and everybody is welcome to join the rally and win one of the
prizes.

The Contest

It is also the goal of Honeylux to allow the community to learn
about forensic environments and how to analyze dumps and tools
attackers have left over. The goal out of this is to get a real world
example and analyze it by your own means and produce results and
comments, have fun with it and learn from it. If this is not
interesting enough, the 3 best submissions will get prizes (details to
come).

All we are going to tell you about the system is:

    * the system was a GNU/Linux system
    * it was connected via ADSL to the Internet
    * the Time Zone was GMT+1 (CET)
    * the files to download are the tcpdump trace and four tools

Here now some questions and deliverables you should be able to produce
for your submission:

1. Identify the intrusion method, its date, and time (be as specific
as you can be).

2. Identify as much as possible about the intruder(s).

3. List all the files that were added/modified by the intruder.
Provide an analysis of these programs (including decompilation or
disassembly where necessary to determine their function and role in
the incident).

4. Was there a sniffer program installed?
What else was installed?

5. What is publicly known about the source of any programs found on
the system?

6. Build a timeline of events that you can get out of the capture and
provide a detailed analysis of activity on the system and on the
network.

The Rules

You are free to use whatever tools or techniques you like, provided
that the jury is able to readily interpret your results. Provide also
the name of the tools you used and how you used them. Nonetheless you
should explain your tools and techniques in your analysis and cite
references to resources to allow others to learn by example.

You can enter submissions as a team but there will only be one prize
given to the team, so up to you then to decide how you share the
prize. :-))

All submissions must be timestamped  prior to 00:00 CET on 15 February
2003.

All submissions should be sent to submissions () honeylux org lu

The person who hacked the box  is NOT eligible, nor are members of the
Honeylux Project.

Entries must be written in English.

Get the files

The capture and the tools are available at:

http://www.honeylux.org.lu/project/honeyluxR1/ 

Prizes

Thanks to Datarescue http://www.datarescue.com/ and HSC for the
prizes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+AvmTYHTW5uwY8PYRAqCQAJ9YIr4//3anvIb7GCSPy4IEbNAJjwCeP6vJ
OHTHAlCG6NNiQ3pXv0zDVZc=
=+gvQ
-----END PGP SIGNATURE-----






