Snortattack
From 23C3 Public Wiki
Snortattack is a SUG (Snort User Group) from Italy.
See the link for more information. (nicola dot mondinelli at gmail dot com) for contacts.
We are a group of friends who worked a lot in IDS/IPS deployment, we
have built a SUG (snort user group) and we are currently working to make
the installation and configuration of a snort_inline appliance easier.
We have worked a lot, and recently we wrote a nice
document
for Hackin9 and we have recieved greats feedbacks also from the
snort.org team site ( 4 december's
post), the snort_inline developement group
site and the bleeding snort project
site.
We were also present (at the end of this summer) in 2 meetings in italy, one was Italian Debconf at SM4X site and the other was the HackMeeting site. In the latter we made a quick but interesting workshop:
we brought there 3 embedded device:
- one configured to be a firewall (m0n0wall)
- one configured to be a small server (LAMP, with mambo ecc...)
- one configured to be a IPS (snort_inline)
the small server was made with outdated software (outdatet kernel, outated apache, outdatet mambo, outdated mysql) so full of security issues, bugs and well-know exploitation tecniques. A hacker paradise...
we have connected the three devices in this order:
SERVER------IPS------FIREWALL------(SWITCH)---ANYONE!!!!
during the workshop we invited anyone to try to take the control, or take down, the server. We encuraged a lot but it was very difficult for all to achieve the goal. During the demostration we used to discuss the tecniques adopted and explain what snort_inline is capable of, how ot works and further on... Unfortunately nobody, that time, have cracked the server.
Our objective is not to demonstrate that we are the good guys and the other the bad ones, but , as any hacker, we love confrontation and , more interesting, learnig new tecniques and exchange ideas and hints. We found this method very funny, ludic and... sure, is a challege.
We are offering the same challenge during the dicember 27th.
