CNT5605 — 2009 Fall
Security Assignment
Journals Due No Later than Noon on Friday, December 4

(please note that the last class meeting is December 2)

Assignment: Security Exercise




Your objectives are to defend your machines from root compromise, and to attempt to get root access on the real servers of the other teams. If you do so, send me an email listing the IP number of the compromised server.

Rules on Offense

In contrast to most previous semesters, the rules this semester will allow you to modify another team's machine. In this case, you are to change the default web page on port 80 for the server (i.e., "http://OTHER.TEAM.IP.NUMBER") to one word:

COMPROMISED!

I will then verify that the page is compromised.

You may also change the root password so that the defending team will have a more difficult time eradicating the compromise.

At no time may you physically touch another team's equipment. Don't plug CDs or USB memory sticks into other folks' machines. Don't rewire the room.

DO NOT ATTEMPT ANY ATTACKS ON MACHINES OUTSIDE THE LAB, AND OF THOSE IN THE LAB, ONLY THOSE USING IP NUMBERS IN THE RANGE 192.168.10.10 -> 192.168.10.100.

Rules on Defense

You must leave your real machines up and running, and able to connect to the Internet.

You may turn off all outward facing services except those we use in class. Once we have enabled a service, however, you should leave it running for the semester unless I ask you to turn it off.




A journal is due for this assignment. Make sure that you document in your journal all of the steps that you went through, following the guidelines on the class home page. Please share the workload so that all team members get experience with all aspects of the work. Don't forget to assign your work percentages to yourself and your other teammates in your journal. Please turn in a printed copy of this assignment by noon on Friday, December 4. Note that the final day of class is December 2; I will accept journals at that time, and I will be in my office all morning on December 4 so you can drop off journals at that time also.