Sunday, February 14, 2010

Honeynet Challenge #1 Results

Well, I didn't do as well as I'd hoped on Challenge #1: I only got a score of 25 out of 40, ranking me 28 out of the 91 submissions. Top third, but not as high as I would have liked.

Here were my score results:
Answer 1: 2 points (of 2)
Answer 2: 1.5 points (of 2)
Answer 3: 2 points (of 2)
Answer 4: 1.5 points (of 2)
Answer 5: 4 points (of 6)
Answer 6: 3 points (of 6)
Answer 7: 2 points (of 2)
Answer 8: 1 point (of 8)
Answer 9: 4 points (of 6)
Answer 10: 2 points (of 2)
Answer 11: 2 points (of 2)

Looks like I blew the shellcode section along with the general overview! A bit off here and there other than that too, but those were the worst sections.

Here were the questions again:
1. Which systems (i.e. IP addresses) are involved? (2pts)
2. What can you find out about the attacking host (e.g., where is it located)? (2pts)
3. How many TCP sessions are contained in the dump file? (2pts)
4. How long did it take to perform the attack? (2pts)
5. Which operating system was targeted by the attack? And which service? Which vulnerability? (6pts)
6. Can you sketch an overview of the general actions performed by the attacker? (6pts)
7. What specific vulnerability was attacked? (2pts)
8. What actions does the shellcode perform? Pls list the shellcode. (8pts)
9. Do you think a Honeypot was used to pose as a vulnerable victim? Why? (6pts)
10. Was there malware involved? What's the name of the malware? (We are not looking for a detailed malware analysis for this challenge) (2pts)
11. Do you think this is a manual or an automated attack? Why? (2pts)

Anyway, very fun exercise. Glad they put it on, and they are posting the results earlier than I thought they would; I didn't expect anything until tomorrow.

Looks like they are planning another one in the near future. Not sure it is something I'll work on, but keep your eyes on their site if you are interested!
