First-Ever Photo Tour of Defcon's Network Center

← Back to Stories (view on slashdot.org)

First-Ever Photo Tour of Defcon's Network Center

Posted by timothy on Monday August 11, 2008 @05:10AM from the sniffer-dogs-eh dept.

Kugrian writes "With over 9,000 hackers, freaks, feds, and geeks attending Defcon 16, the temporary wireless network setup there is considered the most hostile on the planet. Run by a dedicated group of volunteers known as Goons, the basement Defcon Network Operations Center is secured by means of a chain-link fence and armed guard. The 20-megabit connection, which is twice as fast as Defcon 15, runs over a point-to-point wireless link to another hotel that has point-of-presence in their basement. Wired's Threat Level blog managed to secure the first ever photo tour of the Center showing Goons, hardware and sniffer dogs." Reader TXISDude, who was at Defcon, doubts that attendance was as high as 9,000. Update: 08/13 18:14 GMT by T : Dave Bullock, the Wired photographer who shot these pictures, backs up that figure, though: "I interviewed Joe Grand, the badge designer a few weeks before the con. They ordered 8,600 total badges. They ran out of badges. There were hundreds of people with paper badges."

46 of 128 comments (clear)

WHAT?!?! by Anonymous Coward · 2008-08-11 05:11 · Score: 4, Funny

OVER 9000!!!!
The problem with sniffer dogs... by Anonymous Coward · 2008-08-11 05:17 · Score: 5, Funny

...is that they are always humping your legs as soon as you put them in promiscuous mode.
Is this K-9? by gnick · 2008-08-11 05:18 · Score: 5, Funny

...showing Goons, hardware and sniffer dogs.
These guys must be extremely high-tech if their security dogs can sniff wireless!

--
He's getting rather old, but he's a good mouse.
I fail to see what's so spectacular about this by jacquesm · 2008-08-11 05:19 · Score: 2, Insightful

seriously, what is so special about this ?

--
MP3 Search Engine
1. Re:I fail to see what's so spectacular about this by jacquesm · 2008-08-11 05:37 · Score: 3, Insightful
  
  I highly doubt that :)
  Anybody that claims he/she is a hacker is most likely not.
  These are the 'l33t' script kiddies and such, they couldn't hack their way out of a paper back if someone didn't provide a fill-in-the-blanks kit that they can download.
  Anybody that really is a hacker is already in your system, just not bragging about it.
  It's like lock picking, if you're really good at it you keep your mouth shut so that if some stuff disappears you're not going to be #1 on everybody's suspect list.
  
  --
  MP3 Search Engine
2. Re:I fail to see what's so spectacular about this by SeanTobin · 2008-08-11 05:51 · Score: 5, Informative
  seriously, what is so special about this ?
  
  Wow... Someone has a serious lack of Imagination. Here is what is special about this:
  These guys manage the most actively hostile network on the planet. Just bringing your laptop/cell phone/PDA within wireless range of this event is asking for trouble. These are the people that put your username/password up on a giant wall of sheep if you choose to use an unencrypted connection for e-mail/web browsing.
  Have you considered the challenges of maintaining a server in this environment? You are one giant target for the world's largest collection of black/grey/red-hats in the world. Let's just say that there would be a substantial amount of "iStreet-cred" if you were to 0wn the firewall.
  Now, if you read the article, they describe how they setup their wireless network. They keep things very simple and maintain centralized configurations. If you are setting up a network in a potentially hostile environment, their model is a good one to follow. Why? Here are a few reasons:
  Users: 2,226 and 3,801 DHCP leases issued
  22 Access Points deployed
  Man-in-the-Middle Attacks detected: 215
  DoS Attacks: ~80
  Rouge AP's Detected and Destroyed: 130
  Wireless Bridges Detected: 300
  ARP MAC Spoofing Attempts: 836
  Traffic for the last 30 hours: IN 12gb / OUT 1.2gb
  Think your network can handle that? Let's take a look at one of the interesting ones - the Rogue AP's.
  The people that run defcon (and many of the attendees) eat these attacks for lunch. These people triangulate wireless signals within a high-em noise environment with enough multipath to give K-9 a headache. They manage to actively seek and destroy rogue AP's (not to mention the ARP spoofing!) while maintaining a healthy network. You don't think that's special!?
  Now, what about hardware reliability? Heck, if I had a choice between two pieces of gear and one of them had a "Survived DefCon 2008" sticker on it, I could tell you what I would be picking up. They had a nice Cisco fiber switch (no real surprise) but I have never heard of the Aruba AP's before. I know I'll at least check them out now. Do you not think that exposing battle-proven hardware to electronics-consuming people is special?
  Look at the software too. BSD & pf. No real surprise there either. When you want ungodly-stable network filtering - that is the way to go. Don't take my word for it. Heck, don't take BSD's word for it. The setup survived the hacker Olympics with no downtime. THAT is what is special about it.
  --
  Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
3. Re:I fail to see what's so spectacular about this by halsver · 2008-08-11 05:56 · Score: 2, Insightful
  
  So you are telling me there are no real black hats at this convention?
  Given 9000 people who may claim to be hackers, I'm sure there's one in there somewhere...
  
  --
  Roughly half my comments are never submitted. You may be reading the better half...
4. Re:I fail to see what's so spectacular about this by Anonymous Coward · 2008-08-11 06:14 · Score: 2, Funny
  
  right, he's got a job in network admin
5. Re:I fail to see what's so spectacular about this by tgd · 2008-08-11 06:35 · Score: 4, Funny
  
  Yes, but if you say away they may then suspect that you are, in fact, an elite black hat hacker who is staying away precisely to draw suspicion away from yourself, so in fact a real black hat hacker should, in fact, be there or they will immediately be suspected of being a real black hat hacker.
  Never go in against a Sicilian when death is on the line.
6. Re:I fail to see what's so spectacular about this by Qzukk · 2008-08-11 06:38 · Score: 4, Insightful
  
  Here is what is special about this:
  You missed what was really special about this: If you want into defcon's network operations center, tell them you're from Wired and you just want to take a few pictures. Butter them up real good about how awesome they are for managing such a hostile environment, etc.
  I expect this exploit to not work a second time.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
7. Re:I fail to see what's so spectacular about this by nospam007 · 2008-08-11 07:15 · Score: 2, Insightful
  
  Not to mention:
  Never get involved in a land war in Asia
8. Re:I fail to see what's so spectacular about this by Dekker3D · 2008-08-11 09:44 · Score: 2, Informative
  
  on the other hand, any black hat worth his salt would have little trouble taking on a different identity and blending in with the white hats, if he/she's too curious to stay away.
9. Re:I fail to see what's so spectacular about this by eat+here_get+gas · 2008-08-11 10:41 · Score: 2, Funny
  
  que sera, sera?
  
  --
  the significance of a signature is insignificant
10. Re:I fail to see what's so spectacular about this by j00r0m4nc3r · 2008-08-11 14:29 · Score: 4, Funny
  
  Who's to say that that's the real NOC, and not a decoy?
ZOMG! by JCSoRocks · 2008-08-11 05:21 · Score: 3, Insightful

They've got... network cables! and, and, switches and stuff! There's even some fiber there! It's almost like they're trying to get a bunch of people on the Interweb... crazy.

--
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
1. Re:ZOMG! by QuantumRiff · 2008-08-11 05:55 · Score: 5, Funny
  
  So, which side of the firewall is the "untrusted" side at defcon? Do they protect defcon from the internet, or do they protect the internet from DefCon?
  
  --
  
  What are we going to do tonight Brain?
2. Re:ZOMG! by Jawnn · 2008-08-11 07:36 · Score: 2, Funny
  
  So it really is just a series of tubes. Imagine that.
3. Re:ZOMG! by Lockster · 2008-08-11 13:42 · Score: 3, Informative
  
  So, which side of the firewall is the "untrusted" side at defcon? Do they protect defcon from the internet, or do they protect the internet from DefCon?
  We do a bit of both, actually.
I am so behind the times by b96miata · 2008-08-11 05:24 · Score: 3, Informative

I only just got back from defcon 16, and already I missed 20?
1. Re:I am so behind the times by HappySmileMan · 2008-08-11 05:27 · Score: 4, Funny
  
  lrn2octal
2. Re:I am so behind the times by gnick · 2008-08-11 05:28 · Score: 4, Funny
  
  It's Defcon 2.0. They're trying to jazz up their image a little bit and make it more inter-webby.
  
  --
  He's getting rather old, but he's a good mouse.
3. Re:I am so behind the times by Firehed · 2008-08-11 06:23 · Score: 2, Funny
  
  Dfcn?
  
  --
  How are sites slashdotted when nobody reads TFAs?
Security thru Obscurity by 192939495969798999 · 2008-08-11 05:31 · Score: 4, Insightful

If these guys wanted any kind of openness with security, these pictures would be on the DEFCON index page instead of some kinda "security through obscurity" nonsense where only just now are we seeing how they are running the network. If it gets hacked, that should be part of the conference -- how it was compromised, what to do to protect it better, etc.

--
stuff |
1. Re:Security thru Obscurity by cromar · 2008-08-11 06:48 · Score: 4, Insightful
  
  Everything is crackable; it's a good idea to be obscure most of the time. Relying on obscurity as your only defense is what is a bad idea.
2. Re:Security thru Obscurity by mxs · 2008-08-11 08:17 · Score: 2, Interesting
  
  Blah Blah Blah.
  The first rule of cybersecurity is to have physical security. This is not security by obscurity, at all. The DEFCON network is not the focus of the DEFCON conference, so no, it should not be on the front page. Cracking the DEFCON network is not the (primary) focus of the DEFCON conference so no, there should be no need or competition to -- especially since crap like that usually results in packeting instead of actually interesting attacks. You also seem to assume that a post-mortem analysis of a break-in takes a few minutes, whipping up a presentation about it takes an hour or two, and conclusive results as to how to do it better are done in time for a presentation. Talks at DEFCON take a while to prepare.
  (Now, if somebody had cracked the network with a new kind of attack they just happened to be speaking about at DEFCON, that would have been interesting :-)
Re:This remindes me of the TSA by Lost+Found · 2008-08-11 05:32 · Score: 2, Funny

The dog is to make sure no one sneaks in drugs and gets the router high.
Come on, china is more hostile... by nweaver · 2008-08-11 05:36 · Score: 3, Insightful

The Defcon network is bad if you are a sheep, but if you jsut treat it like you are going to visit China (with a return trip through US Customs), its not that bad...
New system, everything through an SSH tunnel, only your necessary working set, and temporary login credentials to throwaway accounts, and its all good!

--
Test your net with Netalyzr
Re:This remindes me of the TSA by bugs2squash · 2008-08-11 05:41 · Score: 5, Funny

The dog is to keep the techs away from the equipment for change control purposes.

It completely replaces IT management at a fraction of the cost.

--
Nullius in verba
Sniffer Dogs, by LM741N · 2008-08-11 05:42 · Score: 3, Funny

please don't pee on the routers!! You will void Cisco's warranty.
Re:Unimpressed. by Applekid · 2008-08-11 05:42 · Score: 2, Insightful

From TFS:

With over 9,000 hackers, freaks, feds, and geeks attending Defcon 16, the temporary wireless network setup there is considered the most hostile on the planet.
It's temporary. It's not going to have to be maintained for years on end, which is the point of textbook wiring jobs. Otherwise it's a waste of effort.

--
More Twoson than Cupertino
Re:Unimpressed. by tulmad · 2008-08-11 05:44 · Score: 3, Insightful

It's also probably set up for the conference, and taken down when it's over. Why would you bother neatly tying your cables and making everything proper lengths if you're going to just take it apart a week later? I'd be willing to bet most of their setup fits in that transit case under the firewall and switch.

--
"In case of emergency, break glass. Scream. Bleed to death."
A challenge for you experts by zappepcs · 2008-08-11 05:45 · Score: 3, Insightful

Yes, their network setup looks.. uhmmm... temporary and built with something less than a multimillion dollar budget. So, how would you build a wireless network for '9000' hackers?
Pretend you have some assets already plus $10,000 to spend. How would you build the temporary network?
I've seen a lot of 'how they did it' infrastructure articles, and lots of smirking here, so how would YOU build that network?

--
Support NYCountryLawyer RIAA vs People
More to the point... by Broken+Toys · 2008-08-11 05:48 · Score: 3, Funny

A bunch of world class hackers set up a wireless network.
What could possibly go wrong?
And you think this is fast by doodzed · 2008-08-11 06:03 · Score: 5, Informative

Try going to Europe. Last time I went to the CCC Congress in Berlin the uplink was 600 mbit. They usually put up signs on the second deay stating "use more bandwidth."
Usually crappy US show network. Go over to Europe where they know how to put on a show. Very few rules and even those are flexible.
Oh, and the number of machines stolen over the past 23 years can be counted on one hand.
http://events.ccc.de/congress/2005/fahrplan/attachments/652-slides_network_review.pdf

--
It's not the size of your stack that matters, it's how you push and pop
Rouge AP's? by faloi · 2008-08-11 06:07 · Score: 4, Funny

Are other colors of makeup safer for APs?

--
"It is a miracle that curiosity survives formal education." -Albert Einstein
pf Config by nuxx · 2008-08-11 06:09 · Score: 3, Interesting

TFA says that "...a quad-core Xeon running OpenBSD and employing pf to filter and shape traffic" is in place. I think it'd be excellent if they'd release the config for this so that we may all learn from it.
Release it after the con, that is, just in case there's a hole found in it...
Volunteer by Anonymous Coward · 2008-08-11 06:14 · Score: 2, Insightful

Um...these volunteers set this up for free. Sure they could have spent serious $$$ on providing free wireless to a bunch of miscreants who are too cheap for mobile service and wired it up to look prettier. That's not the point. Unless you are volunteering to bring out your equipment, and setup and run this show, and do it just as securely and reliably, a simple THANK YOU will do. Otherwise, STHU. As wise old Ben said "Any fool can criticize, condemn and complain and most fools do."
Do people get in trouble for any of this? by Crazy+Taco · 2008-08-11 06:57 · Score: 4, Interesting

I've never been to DefCon before, so I'm just curious... do people actually get in trouble for any of the things they do there? If you do a man in the middle attack, do people get mad? Or is it just assumed that anyone on this network is fair game and you can 0wn them as you see fit?

--
Beware of bugs in the above code; I have only proved it correct, not tried it.
1. Re:Do people get in trouble for any of this? by Lockster · 2008-08-11 13:41 · Score: 3, Informative
  
  It's expected. About the only thing anyone's ever gotten in trouble for (specific to the Network) is for stealing equipment (hence the guard, and the dog :)
Over 9000 by Danny+Rathjens · 2008-08-11 07:32 · Score: 4, Informative

"Over 9000" is a joke/meme, Timothy. http://www.urbandictionary.com/define.php?term=over+9000 http://www.encyclopediadramatica.com/Over_9000
1. Re:Over 9000 by eecue · 2008-08-11 12:03 · Score: 2, Informative
  
  I didn't mean it to be a joke. Defcon made 8,600 badges. They ran out of badges and there were hundreds of folks with paper badges.
  
  --
  -- sigs suck --
Re:TFS seems to have a mistake by profplump · 2008-08-11 07:41 · Score: 2, Insightful

You start indices at 0, to avoid extra math. But you really should start counting at 1, at least you'd like anyone else to know what's going on.
Re:WHAT?!?! [Off topic yet On Topic] by Koiu+Lpoi · 2008-08-11 07:59 · Score: 2, Interesting

HASSEN IJOU DA!
(In the original Japanese audio, he actually says "It's over 8,000", which is funny because there are doubts the attendance was over 8,500).
You forgot by blueZ3 · 2008-08-11 08:44 · Score: 3, Funny

4) Profit!

--
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
Re:Pretty lame by Lockster · 2008-08-11 13:58 · Score: 2, Insightful

Did you actually read the page that you referenced? I mean all the way through?
PyCon 2008 used a 40Mb wireless connection @ 40Mbs, not a DS3. Dropping a DS3 in for a temp event is big bucks (try it sometime!)
Now read their utilization graph. If they had 20Mb, they'd have been perfectly fine (they only spiked above 20Mb a couple of times). So let's say you're paying the $15-20K to drop in a DS3 to a hotel. If you could pay significantly less with no realistic impact to service, wouldn't you?
How many corporate sponsors did PyCon have?
Now compare to the corporate sponsors for DefCon.
Now compare budgets.
Comparing SuperComputing's Network to DefCon? Seriously?
Convention networking isn't a dick-swinging contest--it's about getting it done.
Re:Software for heat map? by Lockster · 2008-08-11 13:59 · Score: 2, Informative

It's part of the Aruba management software suite.