PaulDotCom mailing list archives

Blue Team Tactics


From: jim.halfpenny at gmail.com (Jim Halfpenny)
Date: Wed, 29 Jul 2009 14:19:39 +0100

2009/7/29 Bradley McMahon <bradmcmahon at gmail.com>

I wonder if there has ever been a case where someone from the blue team
went after the red team's machines.

I am not sure of the rules of the CTF, but being a Linux admin I would try
to find the MACs and IPs of the attackers as soon as possible and just write
an iptables rule to drop all their connections, or maybe route them to a VM so
they won't get suspicious.
-Brad


Actively attacking red team machines would most likely be against the rules,
and if not, against the spirit of the exercise. I'm not so certain about
blocking the red team's network addresses. A good firewall is a reasonable
security measure, so I think in principle it's fair. However, if the rules
dictate that the services on the blue team's server need to remain
accessible for the duration of the games, then perhaps blocking the red team
breaks this requirement, since the bad addresses cannot access the legitimate
services.

YMMV. You would have to check with the referees as to their interpretation
of the rules. I like to think this raises the bar for the red team but does
this go too far?

Jim
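One way to reconcile the two positions above (block the red team, but keep the scored services reachable), as an added example that is not part of this thread or anyone's posted code: a shell function that generates an iptables ruleset instead of applying it, so it can be reviewed before use and runs without root. The red team addresses 10.0.99.10 and 10.0.99.11, the scored ports 22 and 80, and the chain name REDTEAM are constructed values for illustration only.

```shell
#!/bin/sh
# Added example: emit iptables commands that send red team traffic into a
# dedicated chain, let the scored service ports through (RETURN back to
# INPUT so normal rules apply), log the rest at a limited rate, then DROP.

# Constructed sample values; replace with the addresses and ports in play.
RED_TEAM_ADDRS="10.0.99.10 10.0.99.11"
SCORED_PORTS="22 80"
CHAIN="REDTEAM"

# build_rules ADDRS PORTS
# Prints the iptables commands one per line. Nothing is executed here;
# pipe the output into "sh" (as root) only after reviewing it.
build_rules() {
    addrs="$1"
    ports="$2"

    # Fresh chain for red team traffic so it can be flushed independently.
    echo "iptables -N $CHAIN"
    echo "iptables -F $CHAIN"

    # Scored services stay reachable: return to INPUT for those ports.
    for p in $ports; do
        echo "iptables -A $CHAIN -p tcp --dport $p -j RETURN"
    done

    # Visibility without flooding the log: at most 5 entries per minute.
    echo "iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix \"redteam-drop: \""

    # Everything else from the red team is silently dropped.
    echo "iptables -A $CHAIN -j DROP"

    # Steer each red team source address into the chain, ahead of other rules.
    for a in $addrs; do
        echo "iptables -I INPUT -s $a -j $CHAIN"
    done
}

# count_drops ADDRS PORTS
# Sanity check on the generated ruleset: exactly one unconditional DROP.
count_drops() {
    build_rules "$1" "$2" | grep -c -- '-j DROP$'
}

build_rules "$RED_TEAM_ADDRS" "$SCORED_PORTS"
```

Because the scored ports RETURN to INPUT rather than being accepted outright, any other INPUT rules (rate limits, state tracking) still apply to the red team's legitimate service traffic, while scans and non-service connections are logged and dropped; whether even that much is allowed is still the referees' call, as Jim notes.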