Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - A Christmas Packet Challenge InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

A Christmas Packet Challenge

Published: 2007-12-24
Last Updated: 2007-12-24 18:15:05 UTC
by Lorna Hutcheson (Version: 1)
2 comment(s)

There is no better Christmas gift, that I can think of to give, than one that involved packets.  Its been awhile since I posted a packet challenge, but I couldn't let Christmas go by without posting one.  So for all you fellow packet heads out there, here is one for you to spend your holidays pondering.  This challenge is different from last year, so let me tell you the rules for solving this one.  I will give you your first clue to start you off, but you can choose the approach you take:

Approach #1:  Download the file called xmas_Starter.pcap which contains the single starter packet and look at it in your favorite sniffer to extract the payload to decode.

or

Approach #2:  For all you die hard hex geeks, I've dumped the packet in hex into a text file called starter_challenge.txt for your viewing pleasure.  Find your payload in the hex dump and decode it.

In the payload, you will find a Christmas question that has a numeric answer.  The correct answer will be the exact packet  in the xmas_challenge_2007.pcap file where you will find your next Christmas question.  So for example, if the answer is 30, then packet number 30 will be the packet you are looking for in xmas_challenge_2007.pcap.  Do NOT start counting at the packet for which you just answered a question, you will be wrong.  Each question is in the payload and must be deciphered.  There are misleading packets in this challenge, make sure you know your Christmas trivia or you could end up on the wrong packet!   How will you will know when you are at the end of the challenge?  The last packet you are directed to, will not have a question, but will have a message from the handlers to all our readers.  It also may or may not contain the message in one single packet:>)

For those who accept the challenge, send in an email listing each question you found and what the message is from the ISC handlers to everyone.  If you get stuck, send in an email too and we'll get you back on track!  I'll post the results in a week or so to give folks time to play.  Good luck to everyone and let the games begin!!!

Merry Christmas!!

 

 

Keywords:
2 comment(s)
Diary Archives