Announcing The Live TFE Capture The Flag 2017

In 2015 TFE joined forces with Concise AC and ran a hacking competition for two weeks, no winners. This time in partnership with Quantus Technical Solutions we’ve put the Server behind our new device CAT (UTM IPS), and offer up the challenge again to hack our Server and or our CAT Appliance.

The Server has numerous open ports, no firewall, just a normal webserver for http:// and basic cgi scripting. Sounds easy? Register for the public IP and be elligible for a prize. you can register anytine during comp duration.

Competition duration

Friday 10th March 12:00 AM to Friday 24th March 12:00 AM

Below shows top page witih 2 links, CTF Flags and Reports for live attack stats.

2017 CTF Challenge Flags

  1. Change time on web page to 0
  2. Change address field on web page to your KVA Rx session range (+/- 8192B)
  3. Email us at info@subpico CAT’s mgmt IP

CTF Flag Prizes

  1. CAT3 (4 GE: 2 links, 2 GE: 1 spare, 1 mgmt)
  2. CAT3 + 2U Server Appliance 24/port GE (48 Core, 500K/active streaming)
  3. Telco LTE/5G IP DPI UNIT (16 interfaces, rated at 200Gbps@64 B), $250K

Rules

None

Register – larry@subpico.com

Live Statistics

A Report is provided to view LIVE on-the-wire stats. Screen shows Server processed traffix(Grey = rx, White = tx) and color coded dropped . The page auto refreshes every 5 second.

Field definitions;

Time tv.tv_sec:tv.tv_usec, KVA,MAC,IP,sz/Frm#.Qdc#, Total handling time (see hints)

Capturing a Flag

When a FLAG is caught a lockout will prevent any further attempts and the FLAG is visible for all to see. As you can see from the report screen we track sessions and FLAGS so there can be no dispute on the winner. We may extend if needed.

Hints – Timing is everything

The time available between packets below is the total time you have to both receive (PA/KVA), process and respond (KVA/PA). There’s not much time and why capture is so important, and if it exceeds this time available, even if your application processing time is zero, you have no chance to handle wire rate traffic. But in general the situation is not that bad, as usually the bandwidth used is not more that 40-50% of linerate, and IP packet sizes average around 512 bytes.

We handle packets, and flows faster than GE link can deliver them.

  • 1 Gbit/s = 1.498 Mpps => 1 sec / 1’498’000 => 0.672 usec / packet
  • 10 Gbit/s = 14.98 Mpps => 1 sec / 14’980’000 => 0.067 usec / packet
  • 100 Gbit 149.84 Mpps => 1 sec / 149’840’00 => 0.0067 usec / packet

This year im making flag 2 a little easier, in 2015 you had to provide both RX/TX KVA/PA pairs and timing. This will surely test your L1 to L7 skills, and i’ve change some internal stuff for our 2015 fans, dont stick with the same old tools/scripts, try something new – “unlearn what you have learned”. Flag 2 correlates with the number of active attacks, so there is a temporal element to the Flag.

Our 2015 CTF Comp. no winners – we didnt expect any either.

We want to show what is possible if you take a bullet proof wire-speed perimeter UTM IPS device like CAT, and put it in front of a simple hardened server. Of course while we can tick the boxes perimeter ✔, service ✔, human err .. not so easy but manageable. This is why we must work with independent impartial experts, and not puppets peddling FUD, nor do we subscribe to the ‘response is better than prevention’ BS.

Below is a report from our latest regression cycle, thru CAT to our Server. Its only a baseline we know, but this is a good start to build on.

To my fellow Vendors: prove your metal. “HOLD FAST” – Master and Commander

All the best competitors, and don’t give up. regards.

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *