CNT4603 - 2009 Spring
Final Group Assignment
Journals Due Thursday, April 23rd, at the beginning of class.

Assignment: Security Exercise




Your objectives are to defend your machines from root compromise, and to attempt to get root access on the real servers of the other teams. If you do so, send me email, listing the ip number of the compromised server.

Rules on Offense

In contrast to years previous, the rules this time will allow you to modify another team's machine. In this case, you are to change the default web page on port 80 for the server (i.e., http:"//OTHER.TEAM.IP.NUMBER") to one word:

COMPROMISED!

I will then verify that the page is compromised.

You may also change the root password so that the defending team will have a more difficult time eradicating the compromise.

At no time may you physically touch another team's equipment. Don't plug CDs or USB memory sticks into other folks' machines. Don't rewire the room.

DO NOT ATTEMPT ANY ATTACKS ON MACHINES OUTSIDE THE LAB, AND OF THOSE IN THE LAB, ONLY THOSE USING IP NUMBERS IN THE RANGE 192.168.10.10 -> 192.168.10.100.

Rules on Defense

You must leave both of your real machines up and running, and able to connect to the Internet.

You may turn off all outward facing services except for sshd, ldap, and httpd.




A journal is due for this assignment. Make sure that you document in your journal all of the steps that you went through, following the guidelines on the class home page. Please share the workload so that all team members get experience with all aspects of the work. Don't forget to assign your work percentages to yourself and your other teammates in your journal. Please turn in a printed copy of this assignment at the beginning of class on Thursday, April 23rd.