|
-
February 26th, 2005, 04:26 AM
#1
linux security wargame testing. interested?
I've just setup a server behind my router that I intend to spend quite a bit of time on, relearning the linux configurations. Took too long of a break and need to get back into the swing of things.
This is where you all come in. Right now, I have it up and running on the DMZ of my network and awaiting people to crack it. DoS it, DDoS it, root it, disable services. Anything basically. The more attacks you preform, the better I can learn how to defend against them in the future. The more attacks you succeed in, the better I can understand how you accomplished the exploit.
So, if you are interested in helping me relearn linux-based security, post here so I can invite you to join the private conference room here at AO. In that conference room we will keep everyone updated on what exploits you are running, methods you are using, and information you've discovered that will help others in their attempts. The more you tell everyone on that board, the better we can understand how you did it, and the better chance you have of helping me learn hoow to circumvent the attack you preformed.
Any further questions or interest in joining, comment here 
-
February 26th, 2005, 07:46 AM
#2
Depending on the setup, sure. With some details and a way to prove you have permission and own the box, of course.
-
February 26th, 2005, 07:52 AM
#3
Junior Member
yeh im in but as soda said you will have to prove that you have permision
-
February 26th, 2005, 10:10 AM
#4
Junior Member
I will have to see his posting providing he has ownership and permission of the Ethernet connection, the box, and has legal access to this location mundanely and or over the internet. I have seen challenges like this before, but still await a public anouncement of actual proof.
Without Sin
Never Again.
Zero Tolerance.
-
February 26th, 2005, 10:20 AM
#5
Christ, if this isn't annoying to hear. Much less have two people repeat it.
I will be pming Soda after I edit the index.html to show I have complete ownership of the server, by giving him the IP to request modifications to the index.html. No way in hell I'm going to give the IP to people who have a stick up their ass, just for proof.
Of course, logically done, if this was an attempt to make people attack an innocent server, why on earth would I create a thread about it in AO? To trick you? Pfft.. seriously guys.
\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
- Charles Darwin
-
February 26th, 2005, 12:20 PM
#6
Of course, logically done, if this was an attempt to make people attack an innocent server, why on earth would I create a thread about it in AO? To trick you? Pfft.. seriously guys.
But that the art of deception, build trust and then trick people into doing something that you want and they may get into trouble for. IMO, I don't think it's an unreasonable request since many people can't meet with you in person and get a written, signed document that says people can attempt to break in. You may be very trusting and honest but not everyone that visits here is.
Just a thought.
-
February 26th, 2005, 12:35 PM
#7
Yeah. That, and you may also need to notify your ISP, and chances they may forbid you to do that. They may do casual traffic monitoring, and a sudden high and suspicious traffic may trigger an alert. Remove DoS/DDoS from your "list" and you'll be safer. Wargame is supposed to be played on isolated private LAN.
Just another thought.
Peace always,
<jdenny>
Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
-
February 26th, 2005, 03:58 PM
#8
Originally posted here by guardian alpha
Christ, if this isn't annoying to hear. Much less have two people repeat it.
I will be pming Soda after I edit the index.html to show I have complete ownership of the server, by giving him the IP to request modifications to the index.html. No way in hell I'm going to give the IP to people who have a stick up their ass, just for proof.
Of course, logically done, if this was an attempt to make people attack an innocent server, why on earth would I create a thread about it in AO? To trick you? Pfft.. seriously guys.
Guardian, don't take it personally, but really...we don't know you from Adam. I'm going to go out on a limb here and assume you aren't a professional Security Engineer/Analyst/Administrator. You have to realize that those of us who perform vulnerability assessments and penetration tests for a living have a strict guideline on what must be procured from the owner of the system before ANYTHING is done. A lot of legal mumbo jumbo, basically, that says "you may do whatever to my system to try and break in and I won't sue you or call the cops". It's our version of the get out of jail free card from Monopoly.
THAT's why it's coming up repeatedly. Those of us who may NOT do this for a living, but know how and are willing to help, those guys and gals MUST be assured that they aren't being duped into attacking a system under the guise of 'helping someone learn'. This is a much more common request than one would think, and the folks who are wanting to help can easily be portrayed as malicious by the wrong people. It's a defense mechanism.
Hats are obvious, behavior isn't. And what is white to one person may be gray to another.
[i]--Gene Spafford, 2002
/* edit */
I'd be very happy to help as well, pending the considerations mentioned by others.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
February 26th, 2005, 10:04 PM
#9
MsMittens, zencoder. I do understand where you are coming from, please know that. But I'm coming from such a close-knit community of network security operatives that something as childish as "fooling" people into attacking a server they don't own, isn't going to cross our minds. We just have better things to do than fake out members we help every day.
I've sent a GnuPG encrypted index.html file to the server, which Soda Pop has the ability to decrypt once he has obtained the public key of mine, which is in his PM box.
After he registers my gnupg key and decrypts the file on the webserver, he should AFAIK be coming back to let everone know the coast is clear.
\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
- Charles Darwin
-
February 26th, 2005, 10:16 PM
#10
MsMittens, zencoder. I do understand where you are coming from, please know that. But I'm coming from such a close-knit community of network security operatives that something as childish as "fooling" people into attacking a server they don't own, isn't going to cross our minds. We just have better things to do than fake out members we help every day.
That's fine. But this is a 60,000+ member forum. While there are some closer ties with some, it's not always the case and there are no guarantees. As the saying goes, caveat emptor 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
