A piece on “OpSec” and Events/Hackathons/Barcamps
Sebastian Schürmann

> For all open ports and resources (of maybe your hackathon project), have a username and password configured and use the S variants of protocols: https, and a password for any port serving a website from your localhost. All dev servers, all REST endpoints, everything. Just don’t start a blank version of anything without auth. You are now safe from a lot of script kiddie attacks.

How does SSL protect against script kiddies? It protects the person connecting to my service and prevents man-in-the-middle attacks. But the services running behind the SSL gateway are as exploitable as ever. Also, a service running on “localhost” is by definition not reachable from the network.

Another thing on SSL: there is no encryption without authentication. How would you make sure you are connecting to the right service with a correct certificate on a local network? You would have to make your own CA and stuff.

Instead of encryption and passwords (which are snake oil in this scenario), just install ufw and be happy.

Oh and one last thing: All these attacks happen permanently on corporate internal networks too. Maybe even more often than at hackathons, where most of the people tend to be temporarily unemployed young nerds without power or real valuable data anyhow.