aCTFII - Rules

We're not a big fan of rules and restrictions (imagine that), but on the other hand we can't tolorate people being asshats and ruining what would otherwise be a fun game. So we have some very basic rules which will be strictly enforced, but we'll keep the rules to a minimum. Here are the rules we have so far (note: rules can be added anytime):

  • 1.) Do not attack anything from 192.168.94.11 through 192.168.94.20 (inclusive) in any way. If we see anything more than a DHCP request and ACK to .12 or anything other than a GET / request on port 80 to .11, there will be an angry guy who's 6'7" and 280lbs investigating. These machines are for keeping score, serving DHCP addresses, recording all network traffic and admin purposes.
  • 2.) No DoS / DDoS of any kind against anyone. (If you're into the whole Denial of Service thing, we may have a seperate competition which deals with holding up to a DoS attack. Watch dc949.org for more details.)

First violations will result in us pulling the plug and it's game over for you. We have no mercy and don't care how upset you get or how unfair you claim we are being. If you can't keep the game fun then you won't play. That's the beauty of a hardline. Besides it WILL simply be easier to go after the victims themselves, so just leave us alone to run the game :P.

The grey areas: We know there will be questions about these rules, so we'll try to head some of them off here.

  • Attacking each other - it Won't score you any points, don't violate rule #2
  • Sniffing for information - If you don't sniff you're going to have a hard time scoring points
  • Spoofing - just keep in mind rule #1
  • Bruteforce - Keep in mind rule #2 and the concequences. If our scorekeep can't get information from the service, it'll be considered a DoS and it's game over. So if you want to try a bruteforce, then I suggest you do it slowly. PS ...and you may just be wasting your time with this approach.
  • Man in the middle - This is a tough one, and is related to the attacking each other issue. Currently we're undecided on this one. We're working on a way for players to confirm that they're actually connected to our victim server and not some wanker on another team who's spoofing as us. We'll have it figured out soon enough.

If you have any questions email us at: ctf ax dc949 d0t org

aCTFII Home What is aCTF? Rules