Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Ah, I suppose that would cover most bases. If they own the servers and they are giving permission to access them in such a way then there's likely no worries over unauthorized access type laws.


I took a look at this a while back (excited to see it's still going), but there is the chance that your ISP might send you a nastygram/suspend service if they notice a lot of activity that looks like port scanning, though that depends on how intrusive/vigilant your ISP is being.


If ctf365 wanted to keep the playing field level, they could sandbox the entire network so that attacks originate from another device on the network. So you have:

  -----------------Network-----------------------------------
  my_fortress <- targeted by: competitors_command&control_box
  my_command&control_box :targets -> competitors_fortress
  -----------------------------------------------------------
No shady traffic ever needs to traverse the public internet. Only ssh access to my_command&control_box and my_fortress is required. This has the added benefit of normalizing the attacking horsepower of the entrants.


That would limit to some degree the gear that you could bring to the fight. Given that choice of tools in this situation is a valid differentiator I don't think arranging the challenge as "Backtrack5 at Dawn" is a realistic way to go about it. Clearly you could write or upload anything you wished if you sshed in, but the added convenience of BYOD seems like a net win.


We build our own IaaS (Infrastructure as a Service) and you'll get access through vpn. Building our own IaaS keep us much busy than we thought.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: