TKK | Networking Laboratory | Teaching

S-38.153 Security of Communication Protocols (2 cr)
Spring 2002



Exercises



There are 7 exercise sessions in this course.
The exercises are held in the student laboratory of the Networking Laboratory. Two time slots are booked for this course every week: Wednesday 9-11 and Wednesday 14-16. You are not expected to come twice a week every week.
You are expected to join a group of 3-4 students, select one exercise slot and come every second week.
If you cannot come at this time, it is in principle possible to come at some other time when there is room in the laboratory, but we do not encourage this since it disturbs laboratory work.
You are supposed to work independently and do the following exercises in any order. Your group must write a report of what you have done in the exercises: what you did, whether it worked, how far you got, what you had to fix to get it running, how difficult you found it, how much time it took, etc. This report does not need to be in a fancy format, but it must contain enough information. It is like a learning diary.
You will get a superuser password which works on all computers in the test network. There was some instability in our test network last year; Markus Peuhkuri can help if the network goes down. Concerning the content of the exercises, and getting the software working, you are mostly on your own. I cannot help much, but I will be present at most exercises. You can probably get more help from the other students. With a nonzero probability the guy next to you is an experienced midnight hacker, only pretending to be working in some security firm.
In the student feedback from last year, the exercises were considered to be very poorly arranged indeed. This is because in order to do these exercises well, you need at least one person in your group who can use Linux fairly well. Mix the groups so that this is the case, or be prepared to put an effort into learning the basics of Linux at the same time. It is not so much Linux you need to know, but writing to and reading from a floppy (imagine, this can be a problem in Linux!), untarring directories and files, fixing the proxy settings for web browsers, compiling C code, using Perl, adding users; that is mostly enough. How about Intel assembly for the exploits? It is not really needed. Additionally, you should prepare for most exercises at home by finding the relevant material from the web and thinking about how you can do the exercise in the 2 hours.
If you find some other nice exercise not mentioned here, you can do it instead of the one described here. In books on practical Internet security, the authors describe many nice attacks. You can try them and replace any of the exercises below with new ones. It is a good idea to buy some thick Internet/Windows/Linux security bible of 600-1000 pages (in case you are not broke, as students tend to be). Namely:
1) if you spot an evil hacker, you can hit him in the head with the book, and
2) security holes and tools tend to stay valid only for a very short time.
You are not required to buy any book; you can pass the exam with a 5 (not a joke, some did last year) without any such material, but you may learn more from it than from my lectures. You can also look at web pages for tools. Try
http://www.antionline.com,
http://www.anticode.com (are they still there?),
http://www.cert.org,
http://www.ciac.org,
http://www.securityfocus.com.
Last year we tried the following exercises, which work reasonably well, considering that hackers are not writing the best quality code. If you do not invent better exercises, try to do these (all of them). In the report, it is not required that you manage to do all of the exercises, but you must make a serious attempt and document the reasons why you failed. I know that many groups got all of these working last year.
You should change computers in different weeks so that you work both on Linux and on Windows. Mostly Linux is nicer for these exercises; there is not as much to do on Windows.

1.
Get familiar with security scanners (Linux; Windows has rather poor ones, but try them also.)
There are many scanners available from the Web, like Nessus, Nmap etc. Look for as many scanners as you can find and try some of them against the computers in the laboratory test network. Try at least Nessus and Nmap, and check COPS: do you get it running and what does it do? There are scanners for Windows, while most are for Unix. You need root rights to run a scanner. Nessus scanning takes some time (less than 1 hour), so you may do something else while it scans in the background. You do not need to prepare for this exercise at home, but it helps to read about the scanners (from the web) and to search the web for them.

2.
Try root exploits (Linux)
Look at bug lists on the Web; try key words like "root exploit" in some search engines. Find exploit code that should work with some of the computers in the test network. Try it and fix it to work if needed. Look for more exploits if this was too easy. You may find some weakness in NT, like ISS; you probably need a Linux machine to try whether it works. You probably need to look at the bug lists at home in order to do this in the 2 hours of the exercise. That is, look for root exploits for the Linux or NT versions we use.

3.
Get familiar with rootkits (Linux)
There is one rootkit in our test laboratory, which we captured from a hacker who broke into our laboratory last year. Check what it does. A rootkit contains modified binaries of programs like login, ps, netstat etc. These modified programs contain trapdoors, steal passwords etc. There are many different rootkits; it is not difficult to write your own. What we have is a whole dump of the hard disc, so do not extract the whole disc. Your job is to find where the hacker's rootkit is, extract it and try it. Save the original binaries on the computer before installing the hacker's versions, and after you have tried this exercise, restore the originals. After this, look on the web for other rootkits and check whether they are different. This should be straightforward and can be done without preparation at home.
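As an added example (not part of the original course page), a small file-integrity check of the kind that catches the replaced login, ps and netstat binaries described above: it records a hash baseline of the watched programs and reports which ones no longer match. The paths and the sandbox directory it works in are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Programs the exercise text names as typical rootkit replacements (relative to a root dir).
WATCHED = ["bin/login", "bin/ps", "bin/netstat"]

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_baseline(root, names=WATCHED):
    """Record SHA-256, size and permission bits of each watched file under root."""
    base = {}
    for n in names:
        p = Path(root) / n
        st = p.stat()
        base[n] = {"sha256": sha256_file(p), "size": st.st_size, "mode": st.st_mode & 0o7777}
    return base

def verify(root, baseline):
    """Return {name: reason} for every watched file that no longer matches the baseline."""
    changed = {}
    for n, rec in baseline.items():
        p = Path(root) / n
        if not p.exists():
            changed[n] = "missing"
        elif sha256_file(p) != rec["sha256"]:
            changed[n] = "content changed"
        elif (p.stat().st_mode & 0o7777) != rec["mode"]:
            changed[n] = "mode changed"
    return changed

def demo():
    """Constructed sandbox: fake binaries in a temp dir, then one is replaced as a rootkit would do."""
    root = tempfile.mkdtemp()
    (Path(root) / "bin").mkdir()
    for n in WATCHED:
        (Path(root) / n).write_bytes(b"original " + n.encode())
    # Keep the baseline off the machine (e.g. on the floppy the course mentions); here it is just JSON.
    saved = json.dumps(take_baseline(root))
    (Path(root) / "bin/ps").write_bytes(b"replaced ps")
    return verify(root, json.loads(saved))
```

Taking the baseline before the exercise and running verify afterwards is also a quick way to confirm that the originals really were restored.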

4.
Try the HUNT tool and capturing a TCP connection with it (Linux)
Look for the HUNT tool on the Web. It has instructions; follow them. This is straightforward. Read the description of HUNT from the Web before the exercise, but it should work. You need to agree with another group that they run a Telnet session which you capture.

5.
Set up protection for a computer in the test laboratory. (Linux, Windows)
Look for possible alternatives and select some way to make a computer secure. Install the mechanism. Check that it protects. There are firewall tools (like FWTK, TCP Wrappers, netfilter), proxy firewalls, IDS, and detectors for scanning. You should get acquainted with them before the exercise so as not to waste time selecting what you want to do during the exercise.
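An added example, not from the course page: a simple scan detector of the kind listed above, run over netfilter LOG lines in the form syslog writes them (KEY=VALUE fields after the kernel prefix). The host names, addresses and times in the sample log are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Fields of a netfilter LOG line (syslog prefix, then KEY=VALUE pairs); only the ones we need.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+) "
)

def parse(line, year=2002):
    """Return (timestamp, src, dst, dport) or None for lines that are not TCP LOG records."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], int(m["dpt"])

def find_scanners(lines, window_s=60, min_targets=10):
    """Sources that hit >= min_targets distinct (dst, port) pairs within any window_s seconds."""
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            ts, src, dst, dpt = rec
            events[src].append((ts, (dst, dpt)))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            seen = {tgt for t, tgt in evs[i:] if (t - t0).total_seconds() <= window_s}
            if len(seen) >= min_targets:
                hits[src] = len(seen)
                break
    return hits

def _line(hms, src, dpt):
    # Constructed sample record in the shape syslog writes for the netfilter LOG target.
    return (f"Mar 13 {hms} lab kernel: IN=eth0 OUT= SRC={src} DST=10.0.0.7 LEN=60 "
            f"PROTO=TCP SPT=40000 DPT={dpt} WINDOW=5840 SYN ")

# Constructed sample log: one host sweeps 12 ports in 12 seconds, another only retries SSH.
SAMPLE = ([_line(f"09:15:{s:02d}", "10.0.0.5", 20 + s) for s in range(1, 13)]
          + [_line(f"09:2{i}:00", "10.0.0.9", 22) for i in range(3)])
```

The thresholds are deliberately loose for a lab; on a real host the distinct-target count of a Nessus or Nmap run is far above 10, while a single user retrying one service never trips it.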

6.
Find spying software from the Web, like netspy or netbus. Install it on a PC running Windows. Try it. (Windows)
Look for information on macro viruses or worms on the Web. See how a macro virus is sent. Try to install spying software remotely by sending email containing the spying software as the payload of a virus, or in some other way. It is pretty easy to use spy software, but installing it remotely was hard for most. You should search the web for macro viruses at home and try to find code pieces which do the job. Nobody managed to do this last year, but it is possible.

7.
Try password crackers (Linux, Windows)
Find password cracker software, like L0phtCrack or John the Ripper, on the Web. Invent a way to try it. (You could get a password file from somewhere, or you can make a password file and see what kind of passwords the cracker finds.) Try cracking. You had better do the cracking at home, because if you have found large dictionaries from somewhere (the web), cracking takes a long time; 2 hours is not enough.

8.
DoS (Linux, Windows?)
To do DoS you actually need many computers. However, try to find DoS software on the web and try how it works against the computers in the test laboratory. There are for instance TCP SYN flood, Ping of Death etc.

9.
Web, do offline at home
Look for underground or other interesting web pages. Be a bit careful with them: you may be caught by US police interested in people searching for bad pages, and these pages are also said to contain programs which have viruses inserted intentionally. You may invite a hacker to attempt hacking into your computer. There are more friendly pages, like pages containing hostile Java applets. The purpose of this exercise is to see how much relevant information you can find. Is it easy to find underground information, or difficult? Do not use this knowledge for hacking purposes.

10.
Study the security settings of NT or Windows 2000 (Windows)
See what you can change. Try to find weaknesses and use them from another computer. You must study Windows security from some source before the exercise, or else you will not manage to do anything useful. If you have studied, it is simply a matter of verifying that the menus are there and trying to change them. Invent some attack that works if the security settings are not good, verify that it works, then set the security higher and verify that the problem is removed.

11.
Try sniffer code (Linux)
Find a sniffer on the web. Sniff passwords from Telnet or FTP connections in the test network. This should be very easy. You do not need to prepare for this. The main problem is finding a sniffer.

?
If there is time, try to design an experiment where a group of protectors try to make a computer secure and a group of hackers try to break in. If this experiment looks possible, try it. We did not manage to do this test last year; maybe somebody will invent a way to do it.


The Networking Laboratory is now part of the Department of Communications and Networking. The information on this page may be outdated.

Up-to-date course information is in the MyCourses service.

Responsible for the content of this page: and the Webmaster.
This page was last updated on 08.01.2003 07:04.
URI: http://www.netlab.tkk.fi/opetus/s38153/k2002/exercises.shtml