-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathlevel11.ts
More file actions
20 lines (18 loc) · 2.3 KB
/
level11.ts
File metadata and controls
20 lines (18 loc) · 2.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
import { Level } from './types';
export const level11: Level = {
id: 11,
title: "Packet Filtering: Severing the Uplink",
description: "A command-and-control server at 192.168.1.50 maintains an active TCP connection to this machine. Packets flow continuously - orders, telemetry, exfiltration. The connection persists because the firewall permits it. In network security, firewalls are the first line of defense - stateful packet filters that inspect every TCP/UDP/ICMP packet and apply rules: ACCEPT, DROP, or REJECT. Modern systems use Deep Packet Inspection (DPI) to analyze payload content, not just headers. Intrusion Detection Systems (IDS) monitor traffic patterns; Intrusion Prevention Systems (IPS) actively block threats. Real-world: iptables, nftables, Windows Firewall, Cisco ASA, Palo Alto firewalls. Your task: Activate the firewall rule to block all traffic from 192.168.1.50. Not by unplugging cables - by flipping the permission bit that governs packet acceptance. The connection exists only because the firewall says it can. Change the firewall. Sever the link. Tools: Memory Scanner (FIREWALL_STATUS at 0x300), Hex Editor (offset 0x300).",
requiredSkill: "Packet Filtering & Network Security",
objective: (s) => s.isAdmin === true, // Reusing isAdmin as "firewall active"
hint: "The firewall is a gate. Gates have two states: open and closed. Find the state bit. Flip it from 0 (ACCEPT) to 1 (DROP). The packets will die at the boundary.",
tutorPersona: "The Gatekeeper: A firewall is not a wall - it is a decision. For every packet, a choice: pass or drop. The connection flows because permission flows. Revoke permission. The link exists in memory as a boolean - FIREWALL_STATUS. While it is false, packets are welcomed. Set it true, and the gate closes. The server will scream into the void. Its packets will die at your threshold. This is how networks are partitioned, how malware is contained, how exfiltration is stopped. Change the bit. Change the boundary.",
memoryLayout: [
{ key: 'isAdmin', label: 'FIREWALL_STATUS', type: 'bool', offset: 0x300 }
],
initialState: {
isAdmin: false,
packets: [{id: 'p1', source: '192.168.1.50', destination: 'Local', type: 'TCP', isMalicious: true, progress: 0, lane: 0}]
},
platforms: [{ id: 'p1', x: 0, y: 280, width: 800, height: 40, type: 'static' }]
};