I’m not sure if we ever actually wrote up anything specific about our architecture (CTF people tend to hate write-ups), but I did find that we did a post when we disqualified LC/BC for a DDoS attack against another team, which we detected using network logs: https://ictf.cs.ucsb.edu/pages/the-2016-2017-ictf-ddos.html