Assignments
Assignment 1
- Try out 5 standard unix tools listed in the notes. Describe which tools you used, as well as input, output, and any options used when running them.
- Create an alias for a command or commands in your .bashrc file.
Assignment 2
- Read the wikipedia.org page on the OSI network model http://en.wikipedia.org/wiki/OSI_model. Just focus on the "Description of OSI Layers" section.
- Another wikipedia link: http://en.wikipedia.org/wiki/Internet_protocol_suite. Read the section on the Transport layer, and follow the links in that section for TCP and UDP. For TCP, just read the section on Protocol Operation through "Connection establishment". Look at the pretty picture, then scroll down until you find the diagram for the TCP header. Again, look at the pretty picture. For UDP, read the Ports and Packet Structure sections and check out the header diagram.
Assignment 3
- Install Ethereal on your computer or use one in the lab. Do the following: set ethereal to capture with a filter option of your choice (something concerning port number or IP address is a good starting place). Load a webpage or send an IM/email to a friend and stop capturing. Analyze the packets. Find the SYN, SYN/ACK, see if you can read any or all of the data transmitted. Write down your findings. Save your capture and upload it on the assignment page along with your findings.
Assignment 4
- Try to "map" the Marlboro network using ping, traceroute, and nmap. See which servers, routers, and personal computers you can identify, and run nmap on a handful of them. Did you find any with lots of open ports?
- Read either chapters 3 & 6 from Stevens' TCP/IP Illustrated or sections 4.1, 4.4, and 5.4 in Kurose/Ross' Computer Networking. Let me know which one you did.
Assignment 5
- Bigfoot Networks recently announced a new product: the KillerNic. Basically what they made is a network card that has its own processor (running a simple version of Linux, apparently) to process network packets and pass them directly to your network games. Their claim is that by avoiding bogging down the main CPU and the Windows implementation of the network protocols, they can deliver a lower ping and even higher framerates. This is certainly an interesting notion, and appealing for the hardcore gamer. That is, if it actually does what it says. Examine the product details here: http://www.killernic.com/KillerNic/ and then read their "white paper" about LLR Technology here: http://www.bigfootnetworks.com/LLR.aspx
Given what we know so far, do you believe their claims? Furthermore, take a moment to think about this from a security perspective, specifically the "FNapps." We'll come back to this later in the semester once we know more. Your response shouldn't be much more than a page, but no less than two (full) paragraphs.
- Over the summer, I was sitting around thinking about cables and switches when I had an idea: it sucks having both patch and crossover cables (since you always end up with the one you don't need). How could we eliminate one of them?
So two computers want to talk to each other. They both have the same network card. Let's call the output and input connections on the plug of the card A and B, respectively. So since both our computers have the same cards, if we plug a patch cable into them, they're both transmitting on the "A" connections, which are both sending data on the same wires. Conversely, both "B's" are listening for data that will never come. If we plug in a crossover cable instead, Computer 1's A sends data to Computer 2's B, and vice versa. Hooray crossover cables!
Assume we want to make more than a two computer network though? Well, then we're probably going to want a switch somewhere in there. What do you connect your computer to a switch with? A patch cable. Why does this work? Because switches "cross" the wires internally. That's fine and dandy, but now we have two different cables to deal with.
So MY idea was, why bother with internal crossing? Then we can just use crossover cables for everything. Problem solved. I immediately proposed this idea to a friend of mine who has less networking experience than me, but knows much more about hardware. Words were said and pictures were drawn. "No, no," he argued, "that won't work if the switch doesn't do internal crossing, and here's the picture to prove it: http://cs.marlboro.edu/~glein/images/switch_weirdness.pdf." (The rectangles in the picture are switches.) Eventually (after nearly an entire day of debate) we figured out that one of us had made an error. Who was it, and what was their mistake?
Hint: I'm used to dealing with switches, whereas my friend is used to dealing with hubs, which are purely mechanical.
These wiki pages might be helpful for the second part:
Assignment 6
- Create an iptables rule set that allows incoming and outgoing ssh traffic (port 22), allows responses to any outgoing connection requests, and drops all outgoing ICMP packets. The rules should be written as you would enter them in at the command line (i.e. with proper option flags and in the right order). Bonus points for sticking them all in an executable bash script. Use the links from the notes, as well as the iptables man page, as guides.
Assignment 7
- Run John the Ripper on either a lab computer or your own. If running on your own, create a dummy account with a trivial password (such as a six letter word). See how long it takes to crack. Compare this to your own user or root password (you may want to leave this running for a few days). Was it able to crack your password? If so, how long did it take (you don't need to actively time it, just give an estimate)? Depending on your results, you may want to choose new passwords.
- Send me an email impersonating your favorite movie star using the notes as a guide.
Assignment 8
- Follow the instructions in the notes to create your own RSA key to log into cs.
- Skim the following:
- Find a file from sourceforge or similar file hosting site that has an accompanying md5 hash. Download both and use the md5 command to compare them. Try making some very minor modification to the file and compare again. What happens if you undo your change?
- Look into tunneling via ssh. This is a good place to start: http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html
Assignment 9
- Using the notes as a guide, create your own RSA public and private key using small primes (i.e. ones under 20 or so). Pick a value a and find, by trial and error, a b such that b * a = 1 (mod φ(n)). Using the simple encoding {A=1, B=2, ...}, encrypt each letter of "BADSECURITY" with your public key. Post both keys and the encrypted message.
- Ignoring the obvious short key length (and the fact that you gave me both the public and the private key), what you just did was incredibly insecure. Why? (Reviewing the "weakest link" section of the CryptoTools notes might be helpful. This requires a certain insight.)
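The key construction and letter-by-letter encryption described above, worked through in Python as an added example (not part of the course notes); the primes 11 and 13 and the exponent 7 are constructed choices, and the codebook function shows why encrypting one letter at a time with a deterministic public-key operation is a weak link regardless of key size.

```python
# Added example, not from the course notes: toy RSA with primes under 20 and the
# {A=1, B=2, ...} encoding, encrypting each letter of a word on its own.
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def find_private_exponent(a, phi):
    """Trial and error for b with b * a = 1 (mod phi), exactly as the assignment puts it."""
    for b in range(1, phi):
        if (a * b) % phi == 1:
            return b
    raise ValueError(f"{a} has no inverse mod {phi}; pick a coprime to phi(n)")


def make_keys(p, q, a):
    """Return public key (a, n) and private key (b, n) for small primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(a, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    if n <= len(ALPHABET):
        raise ValueError("n must exceed 26 so every letter code stays below n")
    return (a, n), (find_private_exponent(a, phi), n)


def letter_to_int(ch):
    return ALPHABET.index(ch.upper()) + 1  # A=1 ... Z=26


def encrypt_letters(word, public_key):
    a, n = public_key
    # Each letter is a separate RSA message: m^a mod n, with no padding or randomness.
    return [pow(letter_to_int(ch), a, n) for ch in word]


def decrypt_letters(cipher, private_key):
    b, n = private_key
    return "".join(ALPHABET[pow(c, b, n) - 1] for c in cipher)


def codebook(public_key):
    """Map every possible ciphertext value back to its letter using only the public key.
    Deterministic single-letter encryption turns RSA into a 26-entry substitution cipher,
    so the private key is never needed to read the message."""
    return {encrypt_letters(ch, public_key)[0]: ch for ch in ALPHABET}


if __name__ == "__main__":
    pub, priv = make_keys(11, 13, 7)  # constructed: n = 143, phi(n) = 120, b = 103
    c = encrypt_letters("BADSECURITY", pub)
    print(pub, priv, c)
    print(decrypt_letters(c, priv))                 # with the private key
    print("".join(codebook(pub)[x] for x in c))     # without it
```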
Assignment 10
- Read Ch. 2 in Gray Hat Hacking
- Read any chapter in Stealing the Network
- Using the notes as a guide, set up a web man-in-the-middle attack in the lab. Describe who you impersonate and any discrepancies that might tip off the user that something is awry.
Assignment 11
- On http://sqlzoo.net/, do tutorial sections 1, 2a, and 3. There are links on the tutorial pages to explanations of the commands you'll need. Post your SQL query for each problem.
- In the reading, we discussed Javascript vulnerabilities in WikiAcademia. Based on the code in the example, do the following:
- Describe how you could trick a user into revealing their username/password (it doesn't have to be too elaborate).
- Discuss the severity of the example, focusing on possible damage, traceability, and access needed to execute the attack.
Assignment 12
- About a year ago, I was playing Second Life, an open-ended massive multiplayer game similar to the Metaverse in Neal Stephenson's novel "Snow Crash". I was striking up a conversation with a polygonal beauty when some little goblin with a funny hat came over and started claiming he'd "rooted" my box. Seconds later, my character was transported about a gazillion feet up in the air where I began the long steady plummet to my death. While I was at first a little shaken that I had, in fact, been rooted (oh the shame for a security guru), I quickly realized this was unlikely and tried to figure out how exactly he HAD managed to do that. The solution as I saw it was this: Second Life has a very large game world, and to alleviate travel times has a very handy "warp" function. The goblin must have used this function on me with some tailored coordinates to send me flying.
First, put yourself in the goblin's shoes. All you know is that this transport function exists in the game. How could you a) figure out how it works, and b) recreate its effects on your victim? What additional information might you need?
Second, what methods could the game server use to protect against this sort of malicious behavior? What methods could you use? How would they affect performance?
Some good tools to start with include ethereal, netcat (nc), and iptables. While you don't need to actually execute either the attack or defense, your answer should include detailed explanations of how to use these (or other) tools.
Final Project
The final project is an open-ended assignment that should be the equivalent of a 5 page paper. This can be entirely essay, entirely project, or some division of the two. Possible topics include exploring a new program or toolkit (make sure they're complex enough to warrant a sizable writeup) or a more in-depth look at a topic we covered in class (such as advanced Ethereal usage or crypto proofs). Other options are finding an exploit from the Bugtraq mailing list and dissecting the buggy code and exploit code, or studying a wholly new topic (see the final section of AttackAnatomy for some suggestions). Students are also welcome to code up something, but should be careful not to bite off more than they can chew.