Tuesday, January 19, 2010

Netwar


This being my first NetWars, and it being round 6, I cannot help but feel that I am a little behind and an underdog. There are still 5 days left, but with my busy lifestyle, kids and prior obligations, I might just leave it at 86 points. If you do not know what NetWars is, it is a competition put on by the SANS Institute that is basically hacking systems and getting points: hack and defend, basically. Not sure if it qualifies as red and blue, but it is fast paced. Systems regenerate every 10-60 minutes, and you need to hold them against the other players for that duration and then re-attack once the systems are regenerated. At times I felt it was frustrating and time consuming, and it often left me sleepless thinking about the different attack vectors and why certain ones didn't work.
This left me wondering about the remote hack net and what the traffic would look like. I am sure that if there was an IDS it would have been flipping out, for lack of a better word. That isn't the problem, though. The problem is the analysis end. For a sole admin like me, it is a daunting task: sifting through Sguil alerts, looking at the packet trace and deciding whether or not to escalate. Take, for instance, a single autopwn run against a system with ports 80 and 139 open. That alone would generate roughly 128 individual attacks, each a potential compromise, and this is just from the outside in.
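As an added example, not code from the original post, here is the kind of aggregation that takes the burst of alerts an autopwn-style run produces and collapses it into a handful of source/destination pairs for an analyst to review or escalate. The alert lines, signature IDs, classifications and priorities are constructed in Snort/Suricata "fast" format (the format Sguil's sensors feed it); the thresholds and the escalate/review rule are assumptions chosen to illustrate a triage policy, not anything Sguil itself implements.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Snort/Suricata "fast" alert line. The regex is written for this example.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alerts: one host sprays several web and SMB signatures
# at ports 80 and 139 of a single target, plus two unrelated single alerts.
SAMPLE_ALERTS = [
    "01/19-21:03:11.000001  [**] [1:2001:3] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 10.0.0.5:40001 -> 10.0.0.20:80",
    "01/19-21:03:11.200000  [**] [1:2002:3] WEB-CGI phf access [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 10.0.0.5:40002 -> 10.0.0.20:80",
    "01/19-21:03:11.400000  [**] [1:2003:3] WEB-MISC long URI [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 10.0.0.5:40003 -> 10.0.0.20:80",
    "01/19-21:03:12.000000  [**] [1:3001:2] NETBIOS SMB-DS overflow attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 2] {TCP} 10.0.0.5:40004 -> 10.0.0.20:139",
    "01/19-21:03:12.300000  [**] [1:3002:2] NETBIOS SMB trans2 overflow attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 2] {TCP} 10.0.0.5:40005 -> 10.0.0.20:139",
    "01/19-21:03:12.600000  [**] [1:3003:2] NETBIOS SMB IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.0.5:40006 -> 10.0.0.20:139",
    "01/19-21:05:40.000000  [**] [1:4001:1] SSH login attempt burst [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.9:51000 -> 10.0.0.20:22",
    "01/19-21:06:02.000000  [**] [1:5001:1] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 10.0.0.7:60000 -> 10.0.0.21:445",
]


@dataclass
class Pair:
    """Everything seen between one source and one destination."""
    count: int = 0
    sigs: set = field(default_factory=set)
    ports: set = field(default_factory=set)
    best_prio: int = 99          # Snort priority: lower number = more severe
    first: str = ""
    last: str = ""


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not a fast alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["prio"] = int(a["prio"])
    a["dport"] = int(a["dport"]) if a["dport"] else None
    return a


def aggregate(lines):
    """Collapse individual alerts into per (src, dst) pair statistics."""
    pairs = defaultdict(Pair)
    for line in lines:
        a = parse_alert(line)
        if a is None:            # skip non-alert lines rather than crash mid-batch
            continue
        p = pairs[(a["src"], a["dst"])]
        p.count += 1
        p.sigs.add(a["sid"])
        if a["dport"] is not None:
            p.ports.add(a["dport"])
        p.best_prio = min(p.best_prio, a["prio"])
        p.first = p.first or a["ts"]
        p.last = a["ts"]
    return pairs


def triage(lines, burst_threshold=5):
    """Assign each pair a verdict and return them most urgent first.

    Assumed policy: any priority-1 alert escalates; so does a burst of many
    alerts carrying several distinct signatures (the autopwn pattern).
    """
    rows = []
    for (src, dst), p in aggregate(lines).items():
        if p.best_prio == 1 or (p.count >= burst_threshold and len(p.sigs) >= 3):
            verdict = "escalate"
        else:
            verdict = "review"
        summary = {"count": p.count, "signatures": len(p.sigs),
                   "ports": sorted(p.ports), "best_prio": p.best_prio,
                   "window": (p.first, p.last)}
        rows.append((src, dst, verdict, summary))
    rows.sort(key=lambda r: (r[2] != "escalate", r[3]["best_prio"], -r[3]["count"]))
    return rows


if __name__ == "__main__":
    for src, dst, verdict, s in triage(SAMPLE_ALERTS):
        print(f"{verdict:8} {src} -> {dst}  alerts={s['count']} sigs={s['signatures']} "
              f"ports={s['ports']} prio={s['best_prio']} window={s['window']}")
```

Run as-is, the eight sample alerts become three rows: the shellcode hit is escalated first on priority alone, the six-alert multi-signature burst against ports 80 and 139 is escalated as a single item, and the lone SSH alert is left for review. The point is that the analyst looks at pairs and windows, not at every one of the 128 alerts one exploit run can raise.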
As you can see, we as system/network/security admins have our hands full day to day, and participating in NetWars has made me realize that speed and efficiency are key. With those two matched with skill, you should be all right. Good luck to all sec ops and CIRTs; I know it's tough out there. user0330