Slashdot Mirror


The Reverse Challenge: Winners Announced

asqui writes: "The Reverse Challenge was a contest from The Honeynet Project to essentially reverse engineer a binary captured in the wild running on a compromised honeypot. The contest ran during May of this year and the submissions have been judged and the winners announced. Dion Mendel took first place with 43.4 points out of a possible 50. The binary turned out to be a tool for performing remote DoS attacks from compromised hosts, with its instructions being cunningly supplied via the lesser-known IP protocol 11. This binary is currently being used in the wild but there is little reported activity, probably because sysadmins are focused on the other more dominant protocols."

9 of 186 comments

  1. achtung! by eyegor · Score: 2, Funny

    Quickly!!! Arrest the winners!!! They have obviously violated the DMCA!!!

    --

    Don't anthropomorphize computers, they don't like it.
    1. Re:achtung! by Anonymous Coward · Score: 4, Funny

      Quickly!!! Arrest the winners!!! They have obviously violated the DMCA!!!

      EULA: By allowing your system to be compromised by this program you hereby agree to the following license conditions...

  2. Reverse-Engineering Their HTML by great+throwdini · Score: 2, Funny

    The results link posted above (http://project.honeynet.org/reverse/results/) is wonderfully tortured HTML ... with the pleasing side-effect of triggering a mouseover color change for over half the text in the opening paragraph when rendered with Mozilla.

    Hey, I found it interesting...

  3. Interesting summary by Anonymous Coward · Score: 2, Funny

    From the bonus questions:

    Summary

    The program was written in 2000, being inspired by the media attention of the trinoo and TFN DDOS tools. The programmer is most likely young with limited personal resources. The programmer has a low skill level and resorts to the "cut and paste" style of programming. The programmer possibly resides in Europe and socialises with other blackhat style programmers. The programmer is male, overweight and has no social life other than his computer. He wears glasses and was bullied throughout school. He uses computers as a way of getting back at the world which has maligned him. You decide where reality steps aside and Hollywood takes over.

  4. ObSpinalTapRef by tswinzig · Score: 5, Funny

    "This protocol goes to eleven."

    --

    "And like that ... he's gone."
  5. Re:this one goes to eleven by MavEtJu · Score: 2, Funny

    Don't worry, it's just a protocol on top of IP. Just like UDP, TCP and ICMP are.

    --
    bash$ :(){ :|:&};:
  6. Next scan of the month... by snake_dad · Score: 5, Funny

    Analyse the DoS attack honeynet.org experienced July 8, 2002.

    Bonus question: explain why this attack had so many valid originating IP addresses.

    --
    karma capped .sig seeking available Slashdot poster for long-term relationship.
  7. Re:About the binary by cwebster · Score: 3, Funny

    5) UDP's protocol number is 17, or 0x11. Who wants to bet he forgot a 0x in his code and use of proto 11 is a bug :)

  8. Re:this one goes to eleven by cookd · Score: 3, Funny

    Do routers even route protocol 11?

    Mu.

    Normal routers don't care what protocol is being used. They route at the IP layer. ICMP, TCP, UDP, and "Protocol 11" are all layered on top of the IP layer.

    Now, a firewall is a different story...

    --
    Time flies like an arrow. Fruit flies like a banana.
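
The point raised in the comments above is that routers forward on the IP header alone, so the protocol field (11 here, not UDP's 17 / 0x11) is something a firewall or sensor has to inspect itself. The following is an added example, not part of the original thread or the Honeynet Project's material: it classifies raw IPv4 packets by protocol number against an assumed allowlist. The packets, addresses and the `EXPECTED` policy are constructed for illustration, and the header checksum is not validated.

```python
import struct

# Assumed site policy: protocols we expect to see; anything else is flagged.
EXPECTED = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_ipv4(proto, payload=b"", src="192.0.2.10", dst="198.51.100.7"):
    """Construct a minimal 20-byte IPv4 header plus payload (sample data only)."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))),
                      bytes(map(int, dst.split("."))))
    return hdr + payload

def classify(packet):
    """Return (verdict, detail) for one raw IPv4 packet."""
    if len(packet) < 20:
        return ("malformed", "shorter than minimum IPv4 header")
    version = packet[0] >> 4
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if version != 4:
        return ("malformed", f"IP version {version}")
    if ihl < 20 or ihl > len(packet):
        return ("malformed", f"bad header length {ihl}")
    proto = packet[9]                      # protocol field, byte offset 9
    if proto in EXPECTED:
        return ("expected", EXPECTED[proto])
    return ("flag", f"IP protocol {proto} (0x{proto:02x})")

def scan(packets):
    """Return (index, verdict, detail) for every packet that is not expected."""
    hits = []
    for i, pkt in enumerate(packets):
        verdict, detail = classify(pkt)
        if verdict != "expected":
            hits.append((i, verdict, detail))
    return hits

# Constructed sample traffic: TCP, UDP (17 = 0x11), protocol 11, ICMP, a runt.
SAMPLE = [build_ipv4(6), build_ipv4(17, b"query"), build_ipv4(11, b"opaque"),
          build_ipv4(1), b"\x45\x00"]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
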