SANS ISC: Solution for: The Twelve Days of Christmas Packet Challenge - SANS Internet Storm Center

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

Once again, I want to thank everyone that participated.  I received alot of requests for more packet challenges which warms my heart:>)   This packet challenge was fun to create and the responses back were awesome as well.  I'm working to put together a series of challenges.  I hope to have the first one posted in the very near future so stay tuned!  For this packet challenge, you can find the packets here if you would like to give it a try and missed it over the holidays.  If so, stop reading now cause I'm going to reveal the correct answer.  I would like to say congratulations to the following folks who submitted correct answers and I hope I didn't miss anyone.  A job well done:

Michael Brown and Kenny Long (sent as a joint effort)
Brandon Greenwood
Nicholas Albright
J. Mike Rollins
Morgan Bailey
Andre M. DiMino

 
To solve the packet challenge, you needed to first decode the data contained in each packet.  The data was encoded using Base64.  There are lots of tools and scripts around that will encode/decode Base64 for you.  Once you got the data decoded, you had to decide the correct order the data from the packets should be arranged in to see what the handlers were giving you for Christmas.  The song it was based on was the 12 days of Christmas and the correct ordering of the packets could be accomplished by putting the Sequence Numbers in increasing order.  Here is the data decoded and in its correct order:

On the xxxx day of christmas the handlers gave to me a packet capture in its entirety
On the xxxx day of christmas the handlers gave to me xxxx C&Cs
On the xxxx day of christmas the handlers gave to me xxxx phat bots
On the xxxx day of christmas the handlers gave to me xxxx orange smurfs
On the xxxx day of christmas the handlers gave to me xxxx Token Rings
On the xxxx day of christmas the handlers gave to me xxxx sensors failing
On the xxxx day of christmas the handlers gave to me xxxx worms a spreading
On the xxxx day of christmas the handlers gave to me xxxx servers crashing
On the xxxx day of christmas the handlers gave to me xxxx phishers phishing
On the xxxx day of christmas the handlers gave to me xxxx logs for analyzing
On the xxxx day of christmas the handlers gave to me xxxx hackers hacking
On the xxxx day of christmas the handlers gave to me xxxx geeks a sleeping


I hope everyone who tried this had fun.  If you have questions, please feel free to ask.  If you have some interesting packets that you think might make for a good challenge and can share them, please pass them our way.  We can obfuscate them however you like.  This way we can all learn and have some fun together.