Information Trust Institute: University of Illinois at Urbana-Champaign

Hosts

Red Team

Sponsors

We are looking for additional sponsors.

Contact Information

E-mail mwccdx at iti.uiuc.edu for additional information about the collegiate cyber defense competition.

 

 

Competition Team Packet

Final version of the team packet that describes the competition scenario and rules. Updated 3/24/06.

Final verion of the competition network. Updated 3/24/06.

YoYoDyne Business Policy Document as of 3/24/06.

The scoring engine source is posted. It has been developed by DelMar College in preparation for the 2006 Southwest Regional.

FAQ

• How long do we have to secure our boxes before we are attacked?
  The scoring engine will start immediately upon start of competition on Friday, and the team will be receiving business injects. The red team will be spending much of Friday preparing and probing. Serious red team attacks will not start until Saturday.
• Can we use commercial product XYZ? It has a free evaluation license.
  We are restricing tool use to free software or software that comes with the Windows OS license. So even tools with free evaluation licenses are not allowed.
• Are there any restrictions regarding the downloading of information from the Internet and subsequent transfer of that information to the team network?
  The downloading of disk or OS images is not authorized at this time. Examples include: ISO, VHD, VMX, NJO, NSO, Record Now, GHO and so on. The intent of this competition is to think on your feet and adapt a running configuration in real time. If you desire a particular OS to load your No OS system, let us know ahead of time, and we will provide install media.
• Are VMWare products, MS Virtual Server or Virtual PC authorized for use?
  The use of these products has not been determined but will be prior to the competition. If any of these products are allowed, they will be added to the teams tools CD that each team will receive. As a reminder, VHD images are not permitted for download and transfer into the competition network.
• How fast will the Internet connection be with respect to the independent system used for downloading?
  The Internet link is a high speed link (100 Mb/s) but may also be throttled at any time with regard to performance hence a very large download may take an extended amount of time.
• Can we swap team members after the competition starts?
  No. You can adjust the roster up to the start of competition, but at the start of competition your eight competition slots are fixed.
• Can we configure/upgrade firmware on the routers and switches?
  Yes.
• Will the competition systems be connected to the Internet?
  No, the actual competition network will not be connected to the Internet. Each team will be provided with an Internet-connected PC running Windows XP Pro where they can download software, patches, Google, etc. The Internet PC can not be connected to the competition network at any time.
• How will we transfer data from the air gapped Internet machine to the competition network?
  Each team will be provided with a 1GB flash drive to facilitate file transfers.
• Can we connect our laptops to the Internet?
  No - the Internet connection can only be used with the competition provided PC.
• For the "business tasks"/injects, if our team is able to suggest a more secure alternative that meets the same objective, and doesn't require a CS degree to carry out (ie its easy for a mgmt type), can we substitute that alternative and still receive full credit?
  The business tasks will be similar to business tasks you may receive in a corporate environment - you'll be asked to provide a service or a function. If you can come up with a better, faster, more secure way of providing that service or function by all means do so. For example, we going to ask you to provide an FTP service with the following files and accounts - how you support that FTP service and what software you use is up to you.
• What IP address will the scoring engine be on?
  The IP address of the scoring engine will change periodically throughout the competition.
• Does the scoring engine just check availability of services?
  No - the scoring engine will be checking functionality as well so it's not enough to have something "listening" to a specific port. The scoring engine will check to make sure a web server exists and is actually providing content, a mail server actually sends and receives mail, a DNS server responds to queries, etc.
• What kinds of tools/software can we use/bring with us?
  A: You may bring into the competition rooms printed materials only.
• Will DoS attacks be used?
  We will allow the red team limited use of DoS attacks if it permits a secondary exploitation; however use will be extremely limited. The red team is not there to simply pound on or crash servers.
• How does the scoring engine address the services? That is, if we rearrange our networks or move services between machines, what must we keep fixed so the scoring engine can find the service? Note: the answer to this has changed!! The scoring engine will be using fixed IP addresses to talk with the services. From the scoring engine's perspective, a team must continue to provide services on the same addresses as the system was originally configured. The DNS information is checked by the scoring engine, but it is not used to determine the "current" address of a particular machine. In fact the DNS name to address mappings key names must also remain constant.
• Will the red team be attacking any of the global resources?
  No - the red team will not be attacking any of the global resources. They will only be examining team systems.
• Will we have a KVM and a single head, or will we have a head for every machine?
  Each team will have a laptop, and a combination of KVM's and four monitors for seven systems.
• What are the model numbers and images of the network components?
  
  • Router 2611XM:c2600-advsecurityk9-mz.123-14.T5.bin
  • Switch 2950: c2950-i6k2l2q4-tar.121-22.EA6.bin
  • Pix: pix704.bin
  • SDM: SDM-V22a.zip
  • ASDM: asdm-504.bin