DEF CON 9 Hackers Convention declares
OpenVMS cool and unhackable
DEF CON,a military term that refers to escalating military conflict conditions,
is also the name of a computer hackers group that meets every year in
Las Vegas. At the DEF CON 9 convention, hackers from around the world get
together to swap ideas, test and hone their hacker skills,and learn new techniques
by playing a game called Capture the Flag.
To many professionals in the computer business, taking an OpenVMS system
to a place where 4,300 hackers can try to break in for two and a half days
is analogous to walking into a back street bar and flashing money around before
stepping into the alley for some night air!
Three members of the Dallas Ft.Worth Compaq User Group (the DFWCUG) decided
to take an OpenVMS system to DEF CON 9 and play Capture the Flag. The contender
was a Compaq AlphaStation 4/233 system with 512 megabytes of memory,
OpenVMS v.7.2-1H1 operating system, TCP/IP 5.0a, Apache, and Point Secure
security software. All software was standard and installed out-of- the-box.
Also loaded onto the system were a few added services such as WEBserver pages,
interactive Telnet accounts for any hackers who logged into the OpenVMS system
to hack from the inside, and a public Games account for hackers
who got tired of hacking!
For two and a half days,the hackers bombarded the server with different TCP/IP
attacks and some internal attacks but none of them was able to break
the security or hack into the OpenVMS server. Throughout the event, Point
Secure Software s System Detective Product recorded every attack and
every keystroke, and gave the system an extra layer of protection from the
On the last day of the event, during the last half hour of the Capture the
Flag contest, the judges put a note on the scoreboard that they thought the
OpenVMS system was virtually unhackable. Immediately, all hacking
attempts against the AlphaStation system ceased. For the last half hour of
the contest, the OpenVMS system coasted across the finish line with not one
of the hackers bothering to waste their time on the OpenVMS server!
At the DEF CON 9 wrap-up session,the judges declared the OpenVMS server
cool because its services were continuously available and never
hacked during the contest. The rest of the hacker teams also gave the server
props (kudos) as well because they were not able to root
the system or break in.
Steve Smiley of the DFWCUG delivered a security white paper on what was learned
about the hackers attacks at CETS 2001 in Anaheim, California this month.