Scoring Engine

The scoring engine, as far as we can tell from pcaps, simply does simple tasks to verify a service is working. We have noticed that it jumps around to different IPs to mimic real users. Here are some screenshots of a pcap for the scoring engine's traffic. Hopefully you can use this to get a better idea of how a service is being scored. Contact me if you would like the entire pcap.

On our team, I have each team member go through and identify attackers and the scoring engine from the pcaps taken from previous years.

Some of the services it scores: FTP, SSH, HTTP, HTTPS, DNS, SMTP, POP
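As a starting point for the pcap review described above, this added example (not part of the original post) groups connection attempts in a capture by source IP and shows which of the listed services each source touched. It assumes a classic little-endian pcap with Ethernet/IPv4 framing and services on their default ports (POP taken as 110); the function names, labels and the `spread` threshold are hypothetical.

```python
import socket
import struct
from collections import defaultdict

# Assumption: scored services listen on their default ports (POP taken as POP3/110).
SCORED = {21: "FTP", 22: "SSH", 25: "SMTP", 53: "DNS", 80: "HTTP", 110: "POP", 443: "HTTPS"}

def client_flows(pcap):
    """Yield (src_ip, dst_port) for TCP SYNs and UDP datagrams in a classic pcap."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap, not pcapng")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # Ethernet + IPv4 only
            continue
        l4 = 14 + (pkt[14] & 0x0F) * 4  # start of the TCP/UDP header
        proto = pkt[23]
        if proto not in (6, 17) or len(pkt) < l4 + 4:
            continue
        if proto == 6:
            # Count only connection attempts: SYN set, ACK clear.
            if len(pkt) < l4 + 14 or pkt[l4 + 13] & 0x12 != 0x02:
                continue
        yield socket.inet_ntoa(pkt[26:30]), struct.unpack_from("!H", pkt, l4 + 2)[0]

def profile_sources(pcap, our_hosts, spread=5):
    """Map each external source IP to (label, scored services it contacted)."""
    ports = defaultdict(set)
    for src, dport in client_flows(pcap):
        if src not in our_hosts:  # drop replies sent by our own servers
            ports[src].add(dport)
    report = {}
    for src, seen in ports.items():
        unscored = seen - set(SCORED)
        if len(unscored) >= spread:
            label = "wide port spread"      # worth a closer look in Wireshark
        elif unscored:
            label = "mixed"
        else:
            label = "scored services only"  # consistent with a service check
        report[src] = (label, sorted(SCORED[p] for p in seen & set(SCORED)))
    return report
```

The labels are only a triage aid: a source that touches nothing but scored services still needs its payloads checked before it is written off as the scoring engine.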

FTP Traffic
DNS Queries
HTTP pcap from Scoring Engine
IMF packets from scoring engine
POP packets from scoring engine
SMTP packets from scoring engine