The Reverse Challenge: Winners Announced
asqui writes: "The Reverse Challenge was a contest from The Honeynet Project to essentially reverse engineer a binary captured in the wild running on a compromised honeypot. The contest ran during May of this year and the submissions have been judged and the winners announced. Dion Mendel took first place with 43.4 points out of a possible 50. The binary turned out to be a tool for performing remote DoS attacks from compromised hosts, with its instructions being cunningly supplied via the lesser known IP protocol 11. This binary is currently being used in the wild but there is little reported activity, probably because sysadmins are focused on the other more dominant protocols."
This is great. From the source:
/*
* dns queries:
* SOA queries for
* com
* net
* de malformed packet
* edu
* org
* usc.edu
All of these dumbass machines (mostly in Australia) kept hitting my primaries with questions for those! I couldn't figure it out, and no amount of searching on Usenet turned up any help. Now at least I know it's due to some idiot worm drilling me.
Now I get to convert my IP addresses to hex and see what else is up there in that table. Blah.
Feb 22 09:16:46 dns1 named[58]: denied query from [203.134.113.201].4763 for "usc.edu" IN
Did anyone else see this?
I spent a little time reading the solutions of the winner, and of the #9 guy who won the $200 gift certificate for the most concise answer. I clicked on the "cost estimate" link for the winner.
I thought it would be one of those vaporous confabulations of how many BILLIONS of dollars' worth of corporate man hours would be lost to this exploit. Surprise! It's an estimate of what he would charge you to do this, if you were paying him ~$70k a year. If you don't want to click, it was about $3500 for the winner, and about $850 for the 9th place guy.
Then I started clicking a couple at random, and I noticed that the various cost analyses of various teams seem to cluster between $2500 and $4000 or so.
The Italian team are the clear outliers, claiming that they would bill over $10,000 JUST for the RE team and the analysis write-up. They included a full day's billing to cover "meeting, discussion, and coffee time."
The conclusions? a) one Dutch kid can do the work of 8 Italian professionals in about 1/40th the time, and b) I need to get a job in Italy.
Humpty Dumpty was pushed.
From my own playing around with "the-binary" during the contest (on a box that was totally disconnected from the world), I got the following from an strace -f
socket(PF_INET, SOCK_RAW, 0xb /* IPPROTO_??? */) = 0
As you can see, it's opening it as protocol 11, and he didn't miss an 0x from the beginning. So, it's not just UDP.
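The strace line above is the point a defender can act on: the-binary opens a raw socket for IP protocol 11, so traffic with that protocol number is the thing to look for on the wire. The following is an added example (not the contest's or any poster's code) that parses raw IPv4 headers and flags packets carrying protocol 11, or any protocol outside the usual ICMP/TCP/UDP set. It assumes packets are passed in as bare IPv4 datagrams without a link-layer header; the sample frames are constructed, not captured.

```python
import struct
from ipaddress import IPv4Address

COMMON_PROTOS = {1, 6, 17}   # ICMP, TCP, UDP: what almost all legitimate traffic uses
WATCHED_PROTO = 11           # the protocol number the-binary uses for its instructions

def build_ipv4(proto, src, dst, payload):
    """Construct a minimal IPv4 datagram (no options, checksum left zero) for testing."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload

def parse_ipv4(pkt):
    """Return (proto, src, dst, header_len) or None if the bytes are not a sane IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes, from the IHL nibble
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]                     # byte 9 of the header is the protocol field
    src = str(IPv4Address(pkt[12:16]))
    dst = str(IPv4Address(pkt[16:20]))
    return proto, src, dst, ihl

def flag_uncommon_protocols(frames):
    """Return one alert dict per packet whose IP protocol is not ICMP/TCP/UDP.

    Protocol 11 packets are marked 'watched' so they stand out from other rarities
    (e.g. GRE or ESP), which may be legitimate on a given network."""
    alerts = []
    for i, frame in enumerate(frames):
        parsed = parse_ipv4(frame)
        if parsed is None:
            continue
        proto, src, dst, ihl = parsed
        if proto in COMMON_PROTOS:
            continue
        alerts.append({"index": i, "proto": proto, "src": src, "dst": dst,
                       "payload_len": len(frame) - ihl,
                       "watched": proto == WATCHED_PROTO})
    return alerts

# Constructed sample traffic (hypothetical addresses): two ordinary packets, one protocol-11
# packet towards an internal host, and a truncated frame the parser must reject.
SAMPLE_FRAMES = [
    build_ipv4(6, "10.0.0.5", "10.0.0.9", b"\x00" * 20),
    build_ipv4(17, "10.0.0.9", "10.0.0.53", b"\x00" * 12),
    build_ipv4(11, "203.0.113.7", "10.0.0.9", b"opaque payload"),
    b"\x45\x00",
]

if __name__ == "__main__":
    for alert in flag_uncommon_protocols(SAMPLE_FRAMES):
        print(alert)
```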
I went to school with this guy :)
:) Overall a great guy - met him in March this year back in Perth (Australia). Nice to see someone finally recognises some of his talent.
One hell of a smart guy; although strange at times (not at all bad). Married to Tiki Swain - also another "unfound" talent. Many would not see him as a "computer nerd" *g* - he is short, thin, hates working, hates wearing shoes - and likes to live in the "wild". McDonald's, Coke, all other commercial stuff just isn't his cue - he prefers finding food in the wild.
Kudos, Dion!