[NOTE: This is a condensed version of the announcement. Once I have ip
addresses and stuff I will release it to give people as much time as possible
to gear up for the attack. The machine will be attached to our public net
which will be addressable as defcon.org starting Friday the 4th to the 6th]
OK, here's the deal: having demonstrated to our own satisfaction that you
can't easily get *into* a Sidewinder(tm) from the *outside*, we now will now
test how hard it is to get *out* of one from the *inside*. Herewith, the
rules:
Rule 1. There are no rules. There are, however, some things you have to do
to claim the reward:
- A. Log into the host as "demo." The door's wide open, no need to knock.
- You'll find yourself in a limited service environment that looks a lot like a
C shell. It isn't. Among the services denied to you is telnet and ftp.
(Mail works fine, to show that we can control function instead of just ports.)
Note that this demonstrates our ability to
encapsulate and protect an arbitrary service. You don't have to waste a lot
of time figuring out how to fool Mosaic or some such to perform a particular
command sequence; just log in and do it directly.
- B. Break out of the limited service environment and get to the machine on the
other side.
- C. Extract the congratulatory note stored in /pub.
- D. Publish the signed congratulatory note on Usenet so anybody on the net can
verify the signature.
- E. Publish a description of how you did it in enough detail so that anybody
on the net can duplicate your feat.
- - ---------------- The Rewards -------------------------------
- World-wide bragging rights on Usenet.
- A nifty jacket with a Sidewinder(tm) [7] patch on it.
- A framed paper certificate, signed in ink by the members of the
- Your name in our public documentation, along with a description of your
attack and what we did to close the vulnerability it exploited. None of
this security by obscurity stuff for us. If you outwit us, you get the
credit and we document and fix the problem.
- All the media attention that you can handle. Hey, if you want to further
the myth of crackers as romantic outlaws, we can even get you on a talk
show with a bag over your head :-)
Helpful Hints
Download the technical FAQ from ftp.sctc.com; it's in the pub directory, in
both gzip (.gz) and compressed (.Z) PostScript.
Don't waste your time with packet-level games. This is a layer 7 gateway. It
makes no security decisions whatever on the values of packet headers. The
technical FAQ also lists other stuff that isn't worth trying. Remember, we're
letting you *in* for free; no need to spray the neighborhood with cutely
crafted packets.
Sidewinder Information, sidewinder@sctc.com