assignments
term grade
due Sun Dec 17
Final Project
The final two weeks' work will be focused on a small project of the student's choice. Viable projects include an expansion of a previous assignment, exploration of a new tool or concept, or a short (but educated) 2-3 page essay
due Fri Dec 8
Assignment 10
due Fri Dec 1
Assignment 9
- On http://sqlzoo.net/, do tutorial sections 1, 2a, and 3. There are links on the tutorial pages to explanations of the commands you'll need. Post your SQL query for each problem.
- I did a little playing around with wicked javascript over on this wiki page: XSS and javascript play. Go check it out.
due Fri Nov 17
Assignment 8
- About a year ago, I was playing Second Life, an open-ended massive multiplayer game similar to the Metaverse in Neal Stephenson's novel "Snow Crash". I was striking up a conversation with a polygonal beauty when some little goblin with a funny hat came over and started claiming he'd "rooted" my box. Seconds later, my character was transported about a gazillion feet up in the air where I began the long steady plummet to my death. While I was at first a little shaken that I had, in fact, been rooted (oh the shame for a security guru), I quickly realized this was unlikely and tried to figure out how exactly he HAD managed to do that. The solution as I saw it was this: Second Life has a very large game world, and to alleviate travel times has a very hand "warp" function. The goblin must have used this function on me with some tailored coordinates to send me flying.
First, put yourself in the goblin's shoes. All you know is that this transport function exists in the game. How could you a) figure out how it works, and b) recreate its effects on your victim? What additional information might you need?
Second, what methods could the game server use to protect against this sort of malicious behavior? What methods could you use? How would they affect performance?
Some good tools to start with include ethereal, netcat (nc), and iptables. While you don't need to actually execute either the attack or defense, your answer should include detailed explanations of how to use these (or other) tools.
due Fri Nov 10
Assignment 7
- Read Ch. 2 in Gray Hat Hacking
- Read any chapter in Stealing the Network
due Fri Nov 10
Assignment 6
- Using the class notes here as a guide, create your own RSA public and private key using small primes (i.e. ones under 20 or so). Pick a and use trial and error to multiply it until you find b such that b * a = 1(modφ(n))
. Using the simple encoding {A=1, B = 2, ...}, encrypt each letter of "BADSECURITY" with your public key. Post both keys and the encrypted message.
- Ignoring the obvious short key length, what you just did was incredibly insecure. Why?
due Fri Oct 27
Assignment 5
due Fri Oct 6
Assignment 4
- Try and "map" the marlboro network using ping, traceroute, and nmap. See which servers, routers, and personal computers you can identify, and run nmap on a handful of them. Find any with lots of open ports?
- Over the summer, I was sitting around thinking about cables and switches when I had an idea: it sucks having both patch and crossover cables (since you always end up with the one you don't need). How could we eliminate one of them?
So two computers want to talk to eachother. They both have the same network card. Let's call the output and input connections on the plug of the card A and B, respectively. So since both our computers have the same cards, if we plug a patch cable into them, they're both transitting on the "A" connections, which are both sending data in the same wires. Conversely both "B's" are listening for data that will never come. If we plug in a crossover cable instead, Computer 1's A sends data to Computer 2's B, and vice versa. Hooray crossover cables!
Assume we want to make more than a two computer network though? Well, then we're probably going to want a switch somewhere in there. What do you connect your computer to a switch with? A patch cable. Why does this work? Because switches "cross" the wires internally. That's fine and dandy, but now we have two different cables to deal with.
So MY idea was, why bother with internal crossing? Then we can just use crossover cables for everything. Problem solved.
I immediately proposed this idea to a friend of mine who has less networking experience than me, but knows much more about hardware. Words were said and pictures were drawn. "No, no," he argued, "that won't work if the switch doesn't do internal crossing, and here's the picture to prove it:
http://cs.marlboro.edu/~glein/images/switch_weirdness.pdf." (The rectangles in the picture are switches.) Eventually (after nearly an entire day of debate) we figured out that one of us had made an error. Who was it, and what was their mistake?
Hint: I'm used to dealing with switches, whereas my friend is used to dealing with hubs, which are purely mechanical.
These wiki pages might be helpful:
due Fri Sep 29
Assignment 3
- Bigfoot Networks recently announced a new product: the KillerNic. Basically what they made is a network card that has its own processor (running a simple version of Linux, apparently) to process network packets and pass them directly to your network games. Their claim is that by avoiding bogging down the main CPU and the Windows implementation of the network protocols, they can deliver a lower ping and even higher framerates. This is certainly an interesting notion, and appealing for the hardcore gamer. That is, if it actually does what it says. Examine the product details here: http://www.killernic.com/KillerNic/ and then read their "white paper" about LLR Technology here: http://www.bigfootnetworks.com/LLR.aspx
Given what we know so far, do you believe their claims? Furthermore, take a moment to think about this from a security perspective, specifically the "FNapps." We'll come back to this later in the semester once we know more. Your response shouldn't be much more than a page, but no less than two (full) paragraphs.
- Reading: Read either chapters 3 & 6 from Stevens' TCP/IP Illustrated or sections 4.1, 4.4, and 5.4 in Kurose/Ross' Computer Networking. Let me know which one you did.
due Fri Sep 22
Assignment 2
- Install Ethereal on your own computer or use one in the lab. Do the following: set ethereal to capture with a filter option of your choice (something concerning port number or IP address is a good starting place). Load a webpage or send an IM/email to a friend and stop capturing. Analyze the packets. Find the SYN, SYN/ACK, see if you can read any or all of the data transmitted. Write down your findings. Save your capture and upload it on the assignment page along with your findings.
- A light and enjoyable reading assignment is coming.
due Fri Sep 15
Assignment 1
- Try out 3-5 standard unix tools. Create an alias for something in your .bashrc file.
- Read the wikipedia.org page on the OSI network model http://en.wikipedia.org/wiki/OSI_model. Just focus on the "Description of OSI Layers" section.
- Another wikipedia link: http://en.wikipedia.org/wiki/Internet_protocol_suite. Read the section on the Transport layer, and follow the links in that section for tcp and udp. For tcp, just read the section on Protocol Operation through "Connection establishment". Look at the pretty picture, then scroll down until you find the diagram for the tcp header. Again, look at the pretty picture. For udp, read the Ports and Packet Structure sections and check out the header diagram.