CSE646's Home Page

CSE 634 Network/System Attack Methods (Spring 2002)
Homework II
Deadline: 4PM, 3/15/2002

Reading Assignments

Chapter 4, 5, 6, and 7 of the textbook "Hacking Exposed".

Turn in the Introduction section and Related Work section of your project report.
Install and play with the tool Snort (http://www.snort.org) by composing several filter rules, and write an experience report on the following exercises:
- Write a program that uses the stealth scan methods we talked about in the class, and see if Snort can catch these scans.
- Write a program that uses the insertion/evasion techniques discussed in the class and see if Snort can still function correctly.
- Measure the performance of a dedicated PC that runs Snort when the network is fully loaded. Where is the performance bottleneck?
You should read the Snort paper as well as the "Experiences Benchmarking Intrusion Detection Systems" paper.
Study how Tripwire works by reading the original paper from Purdue's COAST lab. Devise an alternative design that can achieves the same goal as Tripwire, but uses the idea of logging all modifications to file attributes and directory files instead. Go into this design in as much detail as you can for a Linux system.
Write a user-level program that can keep a log of all the processes that have ever been active on a system since the system boots up, as well as all the attributes of these processes, in particular their start time.