w w w . R a j a n i e m i . c o m

2001-10-27

DEF CON 9 Hackers ’ Convention declares
 OpenVMS “cool ”and “unhackable”

DEF CON,a military term that refers to escalating military conflict conditions, is also the name of a computer hackers ’group that meets every year in Las Vegas. At the DEF CON 9 convention, hackers from around the world get together to swap ideas, test and hone their hacker skills,and learn new techniques by playing a game called Capture the Flag.

To many professionals in the computer business, taking an OpenVMS system to a place where 4,300 hackers can try to break in for two and a half days is analogous to walking into a back street bar and flashing money around before stepping into the alley for some night air!

Three members of the Dallas Ft.Worth Compaq User Group (the DFWCUG) decided to take an OpenVMS system to DEF CON 9 and play Capture the Flag. The contender was a Compaq AlphaStation ™4/233 system with 512 megabytes of memory, OpenVMS v.7.2-1H1 operating system, TCP/IP 5.0a, Apache, and Point Secure security software. All software was standard and installed out-of- the-box. Also loaded onto the system were a few added services such as WEBserver pages, interactive Telnet accounts for any hackers who logged into the OpenVMS system to hack from the inside, and a public “Games ” account for hackers who got tired of hacking!

For two and a half days,the hackers bombarded the server with different TCP/IP attacks and some internal attacks —but none of them was able to break the security or hack into the OpenVMS server. Throughout the event, Point Secure Software ’s System Detective Product recorded every attack and every keystroke, and gave the system an extra layer of protection from the hackers!

On the last day of the event, during the last half hour of the Capture the Flag contest, the judges put a note on the scoreboard that they thought the “OpenVMS system was virtually unhackable. ”Immediately, all hacking attempts against the AlphaStation system ceased. For the last half hour of the contest, the OpenVMS system coasted across the finish line with not one of the hackers bothering to waste their time on the OpenVMS server!

At the DEF CON 9 wrap-up session,the judges declared the OpenVMS server “cool” because its services were continuously available and never hacked during the contest. The rest of the hacker teams also gave the server “props” (kudos) as well because they were not able to “root” the system or break in.

Steve Smiley of the DFWCUG delivered a security white paper on what was learned about the hackers’ attacks at CETS 2001 in Anaheim, California this month.

For more information, see the DFWCUG Quadwords newsletter at www.dfwcug.org/
Also visit www.defcon.org/, www.pointsecure.com/
and www.cets2001.com/