Scoring Engine

The scoring engine, as far as we can tell from pcaps, simply does simple tasks to verify a service is working. We have noticed that it jumps around to different IP’s to mimic real users. Here are some screenshots of a pcap for the scoring engines traffic. Hopefully you can use this to get a better idea of how a service is being scored. Contact me if you would like the entire pcap.

On our team, I have each team member go through and identify attackers and the scoring engine from the pcaps taken from previous years.

Some of the services it scores: FTP, SSH, HTTP, HTTPS, DNS, SMTP, POP

FTP Traffic
FTP
DNS Queries
DNS
HTTP pcap from Scoring Engine
HTTP
IMF packets from scoring engine
IMF
POP packets from scoring engine
POP
SMTP packets from scoring engine
SMTP