tiger team assignment

important dates:
-----------------

        Apr                    May                    Jun
 S  M Tu  W Th  F  S    S  M Tu  W Th  F  S    S  M Tu  W Th  F  S
             1  2  3                      1          1  2  3  4  5
 4  5  6  7  8  9 10    2  3  4  5  6  7  8    6  7  8  9 10 11 12
11 12 13 14 15 16 17    9 10 11 12 13 14 15   13 14 15 16 17 18 19
18 19 20 21 22 23 24   16 17 18 19 20 21 22   20 21 22 23 24 25 26
25 26 27 28 29 30      23 24 25 26 27 28 29   27 28 29 30
                       30 31

1. 4-8, captains are appointed, teams are started in class.
   Captains need to send email ASAP to "judge" Jim as to who is on
   their teams; i.e., names AND email addresses. This will make the
   final team roster. Any changes in teams should be announced to the
   list. Jim will keep the master team roster and send it to the class
   mailing list on changes.

2. 4-13, boxes are assigned to teams. During this period secure your
   host but do not attack anyone. Try to get your basic required
   services installed.

3. Tuesday, April 20, 12 noon. Attacks may begin.

4. Tuesday, April 20 at class time the Team Captain is responsible for
   giving the following information to the instructor in a secure
   manner: *passwords* should be typed, not written.

   1. name of team
   2. 2 passwords/accounts:
      1. ssh user account/passwd
      2. http web blog user account,
         2.1 user/passwd
         2.2 URL for blog
   3. /etc/capturetheflag
      create this file and put a string in it, make the string known
      to the instructor. This is a SECRET.

5. Tues, April 20 by class time. You must have the 5 services open
   below. Other teams may show that you do not have those services up,
   or you have fake services up. In those cases you will lose points
   and the other team will gain points. Points will always be awarded
   in an arbitrary manner.

6. the tigerteam period concludes May 25, at noon. Final scores will be
   announced. Note: The winning team will get a fractional letter grade
   boost on the order of say if you were going to get a B, you get a
   B+, etc.

7. the team captain must turn in via email a final report to the
   instructor by the date of the final. This should be an emailed pdf
   document.

point system
-----------

Teams will be capriciously awarded points based on what the instructor
believes to be sound or foolish practice. Points may be reduced. The
instructor will strive to be fair, but may be pedantic, capricious, or
socially engineerable.

Any team that can prove they have knowledge of another team's
/etc/capturetheflag file (the contents) will get 50 points. Any team
that loses this information loses 20 points. If the flag is lost, the
team that lost it may get some points back via "solid" forensics.

requirements:
-----------------

1. do not attack any system other than the list of host IPs actually
   used inside the netlab. This includes scanning, spamming, whatever.
   In general if you launch an attack, run tcpdump or wireshark and
   make sure it is doing what you think it is doing. Famous last
   words ...

   You are expected to NOT appear here or here:

   http://tom.cat.pdx.edu/ourmon/p2p/portreport.txt
   http://tom.cat.pdx.edu/ourmon/p2p/udpreport.txt

   in the sense that you appear to be either:
   1. a scanner or
   2. a cause for email to be sent to abuse@pdx.edu.

   Points may be lost if this happens (for "may" read "for sure will
   be").

2. you are required to maintain 5 well-known services as follows:

   1. ssh on port 22
   2. ftp on ports 20/21 (traditional)
   3. email on port 25
   4. http
      You need to have a blog for the instructor to read about your
      wonderful accomplishments.
   5. make an NFS partition that is RO and export it "to the network"
      (but only within the netlab). It should be mountable by anyone
      within 131.252.215.64/28

   Note: if some other team can prove that these services are fake or
   not open, they will get points for their team, and your team will
   lose points.

3. the team blog should be updated weekly. If you do nothing and do not
   update it, you won't get any points. The team captain should send
   email to the instructor to point out to the latter that the blog is
   available and has been updated.

4. in general ALL communication between the team and the judge should
   be done by the team captain. This does not rule out student to
   instructor communication. The point is that you should communicate
   within the team and have the captain be the communication focus for
   team to judge and judge to team.

hints to the team:
-----------------

1. when asking questions in class (or to the mailing list), be aware
   that one should not give away easy information to other teams. This
   does not mean you should not ask questions (always feel free to ask
   questions via email directly to the instructor), but questions like
   this:

      ok to do attack X?

   may prove more profitable to some other team. Questions like that
   should be asked privately.

2. try and get along with each other. The team captain should help
   other team members when necessary. The team captains should report
   problems to the instructor along the lines of:

      party X does not answer email, and does not appear interested.

   party X will not be getting a good grade. The team DOES however get
   a grade as an entire team, but I can always demote one individual
   who does not contribute out of sloth. On the other hand, not
   everybody has the same set of skills. Help each other. If you feel
   like you know nothing, then that is a great learning opportunity.

3. TC: talk to your people and assign tasks possibly in terms of roles.
   Think in terms of roles that people can fill: there are not enough
   people and too many roles:

   .security analyst - what is going on with attacks on the Inet, both
    to help your team and hinder other teams.
   .penetration analyst - defensive specialist. What holes might your
    box have?
   .penetration analyst - offensive specialist. What holes might you
    find in other teams?
   .team captain - coordinate, coordinate, communicate
   .package installer - install packages X, Y, Z. Note that some
    packages like snort might just be a tad complex.
   .tool monitoring - somebody needs to watch the radar screens. If you
    run snort, you need to monitor it. If you run tcpdump you need to
    analyze the traffic. Logs need to be looked at, etc.
   .WRITER/editor - you must maintain a blog and write a final report,
   .web page designer - you must maintain a blog as a web page for the
    instructor.

4. prize - there may be a prize of some sort to the 1st-place team.
   (free beer).

5. the instructor will mail out point summaries at appropriate times
   i.e., team X has points Y to the class mailing list. This is "the
   standings". TC may receive email telling them about points awarded
   or subtracted. This will be private email to the captain.
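
Added example, not part of the original assignment: a self-check a team could run over its own exports file for requirement 2, service 5 (NFS export that is RO and mountable by anyone within 131.252.215.64/28). The sample file, its paths and the finding labels are constructed for illustration; the option names are the standard exports(5) ones.

```python
import ipaddress

# Range named in the assignment's NFS requirement.
NETLAB = ipaddress.ip_network("131.252.215.64/28")

# Constructed sample exports file, not taken from any real host.
SAMPLE = """\
# path        client(options)
/srv/pub      131.252.215.64/28(ro,root_squash)
/srv/blog     131.252.215.0/24(ro)
/srv/scratch  131.252.215.64/28(rw,no_root_squash)
/srv/open     *(ro)
/srv/one      131.252.215.70(ro)
"""

def audit_exports(text, allowed=NETLAB):
    """Return (path, client, problem) tuples for entries that break the rule."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or ["*"]:           # no client list means everyone
            host, _, opts = spec.partition("(")
            host = host or "*"                # "(ro)" alone also means everyone
            options = set(opts.rstrip(")").split(",")) if opts else set()
            # ro is the exports(5) default, so only an explicit rw is writable.
            if "rw" in options:
                findings.append((path, host, "writable"))
            if "no_root_squash" in options:
                findings.append((path, host, "remote root not squashed"))
            try:
                net = ipaddress.ip_network(host, strict=False)
            except ValueError:                # wildcard, hostname or netgroup
                findings.append((path, host, "scope not an IP range"))
                continue
            if net.version != allowed.version or not net.subnet_of(allowed):
                findings.append((path, host, "reaches outside netlab"))
            elif net != allowed:
                findings.append((path, host, "narrower than netlab"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(*finding, sep="\t")
```

An empty result means every export is read-only and scoped to exactly the netlab range; "narrower than netlab" flags an entry that another team could report as not mountable from their box.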