Aa![Ӏ}  0 U 0` `0@ @@p p`  HH $ @d HHHH̀̀̀ff@  d Footnote TableFootnote**.\t.\t/ - :;,.!?-)ds d0TOCHeading1Heading2nmapsTtelnet   ZEquationVariables-TWL::=: ;;R<<$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear>;<$monthname> <$daynum>, <$year> <$hour>:<$minute00> <$ampm>"<$monthnum>/<$daynum>/<$shortyear><$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear> <$fullfilename> <$filename> <$paratext[Title]> <$paratext[Heading1]> <$curpagenum> <$marker1> <$marker2> (Continued)+ (Sheet <$tblsheetnum> of <$tblsheetcount>)Heading & Page <$paratext> on page<$pagenum>Pagepage<$pagenum>See Heading & Page%See <$paratext> on page<$pagenum>. Table All7Table<$paranumonly>, <$paratext>, on page<$pagenum>Table Number & Page'Table<$paranumonly> on page<$pagenum>AHeadings-kHTML$A||~~Ag5y::: 55: MNN1.::::: ::::?:A:C:E:G:I:K:M:O:|:~::::::::::::::::::::::::::::;;;;;!;#;%;';);T;V;X;Z;\;^;`;b;d;fS;jSSO;;;;;;S;;;;;;;S;;;;;;;S;;;;;SSOSSP SSP<<<>>>> > > >>>>>>>>>>!>#>%>'>)>+>->/>1>3>5>7>9>;P~>?>A>C>E>G>I>K>M>O>Q>S>U>WPJEPJQxK=QKQQKRKR8K@@@GAA AAA AN2.LM M NNNNNʀ NNNNNO+N1.N2.N3.OOO O ORO'RRRRNqRRRRRRRRRRSSSSS S S SSSSSSSSS&S(SJSLSSSSSSndqd:dO$$ dM " HmRM HmRHRHR Footnote Hr@MHr@HzHz Single LineHM Footnote M  HDM HDHH Double LineHM Double LineM M HM  Single LineM HZM " TableFootnoted5p HHˆ5xHHˆGe HHˆ5zHHˆl $$:$$etGBm V $$:$$l} : GeHeadings Table } :  Ge } :  Ge }l: lG eHeading Level HUV 5HUV Ge HUV 5HUV l H$ 5H$ Ge H$ 5H$ l HHˆ5HHˆ-- `Project ,`Goal  wThe goal of this project is to give you some experience in analyzing the security of a system. For this, you will play I@ the role of a security analyst.  X vYou work for a corporation that keeps its data on a system protected by a firewall. The system runs a web server that 0dvdisplays sanitized data. It should not display any sensitive data. Your bosses have asked you to determine the follow@ing two things:  `gDoes the firewall correctly pass the traffic that it is supposed to pass, and block all other traffic? 1q kCan outsiders (those without accounts on the system) get access to any data beyond that displayed on pages @marked  authorized ? w`DThe following outlines what you are to do to answer these questions u`First Step: Firewall vϪ Your first step is to look at the firewall. It should allow the following types of messages through:  ssh  (port 22) and  http  0۪x(port 80), using TCP and UDP. Checking this requires a program known as a  port scanner . You can find several; weve set up one for you. This program,  nmap , is very powerful but must be run as  root . You can look on the class |home page for the manual page. As most of you dont have  root  access to any systems, weve set up a special login @[that will run  nmap  against the target system, which has IP address 169.237.7.61. x To use this login,  telnet  to  nob.cs.ucdavis.edu  and log in as  nmap . No password is required. You will see a greeting, 0sand then you will be asked for options. The standard TCP scan requires the option sT; the standard UDP scan, sU. @gThe  nmap  manual page describes other options. Once you enter them, you will see a line like: y5`HStarting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ ) z |It will then sit for a while (how long depends upon the options) and print out the list of what it believes are open ports. 0PrGood options are p, which allows you to specify port ranges, and various -s options such as sX. You should also @ look at O. | k To Turn In : You are to turn in 3 files. The first,  tcpudp , is to contain the results of a standard TCP and UDP port scan. 2w~List ports for both the TCP and UCP protocols. You can use  nmap , as described above, or your own favorite port scanner. The second file,  oddpacket , is to contain the results of any of the following port scans: TCP SYN scan, Stealth FIN scan, Christmas Tree scan, or Null scan. The third,  log.txt , is to contain your notes on the scanning. In particular, }please explain why we asked you to run the scans in  oddpacket . Did you get different results? Does the manual page @ suggest why? { `tExtra Credit : Determine if the firewall is stateful (that is, a proxy firewall) or not (a filtering firewall). }`Second Step: System ~ߪ yNow you are to look at the host behind the firewall. The first step is to figure out what servers the remote host is run0몍yning. A good way to start is to look for the most common servers: telnet, smtp (mail server), www, ftp, rlogin, rsh, the @]portmapper, and X11. To get other ideas, look at the servers that CSIF machines are running.  `/Step 1 : What servers is the CSIF running?  To find this, run  netstat -a  on any CSIF system. Look at the fourth column (Local Address). You will see either an IP 0!uaddress, a host name, or an asterisk (*) followed by a colon and a name or a number. The name following the colon is ythe name of a server. To figure out which port the server is running on, look for the server name in the first column of @the file  /etc/services . The second field in that line contains the port number followed by the protocol (tcp or udp).  H`(Step 2 : Look at the target system.  yWhat servers is the target running? You might look at the results of the first step to see which ports are open, and tie c@Rthem back to the names of the servers. Here are a few questions to get you going. r qIs a web server running? If so, can you think of any security-related problems that may arise from running a web P~@server? HHˆ5HHˆ$l}: G eParagraph Format }:!G e Comments }l: )lGe2 EGxRMEGxREPwEPw TableFootnote HHˆO HHˆ  $`KDoes the system behind the firewall allow you to  rlogin  into it? 1 iDoes the system behind the firewall run an X window server (look for open TCP and UDP ports in the range @ 6000 on up)?  To Turn In : You are to turn in 3 files. The first file,  csif-servers , is to list the servers running on a CSIF system (please 2name the system, of course ). The second,  target-servers , is to list the servers running on the target system behind the firewall. In both files, please  name  the server as well as the port number (unless there is no server associated with that port in  /etc/services ). The third file , log2.txt , is to contain a record of how you obtained the data in the other two @ files.   t`Turning In Results W`tPlease submit them to the directory  proj1  using the  handin  program. This is due on November 30. HHˆO HHˆ##l}R#&$ OGe P:Numbered+ }HR#%'H$ OG eP }6R#&(6$ OG eN }6R#'x6$ OG eN }:!*Ge Heading1 }:)uGe d:8-- $$:9+$$0a-0XSNID?:50+& y% l^bf~zvrnjUX[IMQ.14FC@=:7GBm ` _ ^ ] Z W $$:;+$$%,,l}$ :>iT1$ jWeCharacter Macros }l :@il jWe } :Bi jWe }$H:Di.2$HjW e Character }l:Fi13ljW e Replace With }:Hi24jW e Comments }$H:Ji35$HjW e }l:Li46ljW e¢ }:Ni5FjW e }$H:{i<8$HjW e }l:}i79ljW e... }:i8jW e }$H:i?;$HjW e }l:i:<ljW e- }:i;7jW  e }$H:iB>$Hj W! e }l:i=?lj W" e-- }:i>:j W# e }$H:iEA$Hj W$ e }l:i@Blj W% e° }:iA=j W& e }$H:iHD$Hj W' e }l:iCElj W( e® }:iD@j W) e }$H:i6G$Hj W* e }l:iFHlj W+ e© }:iGCj W, e }$Z :i]M$Z j W-eGeneral Macros }Z :iZ j W.e }Z :iZ j W/e }\Z :i\Z j W0e }$jh:iIN$jhjW1 e Macro Name }jh:iMOjhjW2 e Replace With }jh:iNPjhjW3 eHead }\j:iOQ\jjW4 e Comments }$zh:iPR$zhjW5 e }zh:iQSzhjW6 e }zh:iRTzhjW7 e }\z:iS.\zjW8 e }$$ ;imX$$ j W9eCross-Reference Macros }$ ;i$ j W:e }D$ ;iD$ j W;e }$4;iUY$4j W< e Macro Name }4; iXZ4j W= e Replace With }D4;"iY[D4j W> e Comments }$D;$iZ\$Dj W? e See Also }D;&i[]Dj W@ eSee <$paratext> }DD;(i\IDDj WA e }$z ;S#b$z $ WBeSystem Macros }z ;U#z $ WCe }z ;W#z $ WDe }\z ;Y#\z $ WEe }$h;[#^c$h$ WF e Macro Name }h;]#bdh$ WG e Replace With }h;_#ceh$ WH eHead }\h;a#df\h$ WI e Comments }$h:;c#eg$h:$ WJ e StartOfDoc }h:;e#fhh:$ WK e }h:;g#gih::$ P4e L����e <$defaulttitle> N����e AOe }\h:;i#h\h:$ WM e }$²h;iqk$²hj WQ eEndOfLastSubDoc }²h;ijl²hj WR e }²h;ikm²hj WS e }\²h;ilU\²hj WT e }$xh:;iuo$xh:j WU eStartOfLastSubDoc }xh:;inpxh:j WV e }xh:;ioqxh::j u4e W����e <$defaulttitle> s����e Ate }\xh:;ipj\xh:j WX e }$hh;iys$hhj WY eEndOfFirstSubDoc }hh;irthhj WZ e }hh;isuhhj W[ e }\hh;itn\hhj W\ e }$.h:;iw$.h:j W] eStartOfFirstSubDoc }.h:;ivx.h:j W^ e }.h:;iwy.h::j r4e _����e <$defaulttitle> p����e Aqe }\.h:;ixr\.h:j W` e }$h;#{$h$ Wa e EndOfSubDoc }h;#z|h$ Wb e }h;#{}h$ Wc e }\h;#|\h$ Wd e }$h:;#$h:$ We eStartOfSubDoc }h:;#~h:$ Wf e }h:;#h::$ o4e g����e <$defaulttitle> m����e Ane }\h:;#z\h:$ Wh e }$h;#i$h$ Wi e EndOfDoc }h;#h$ Wj e }h;#h$ Wk e }\h;#~\h$ Wl e }$4 <#x $4 $ WveHTML Options Table }4 <#4 $ Wwe }h4 <#h4 $ Wxe }$D< # $D$ Wy eControl }D<"# D$ Wz eValue }hDH<$# hDH$ W{ e Comments }$T<&# $T$ W| e Image Format }T<(# T$ } % 0001IMAGGIF PE MACP0001GIF }hTH<*# lhTH$ W~ e } 6$$ 'W# eX:Page }H<#57H$ 'W$ e See Also }6<#686$ 'W% eN }26<#7926$ 'W& eN }h<#80h$ 'W' e }$<#C;$$ (W( eX:Heading & Page }H<#:<H$ (W) e See Also }6<#;=6$ (W* eN }26=#<>26$ (W+ eN }h=#=5h$ (W, e }$=#H@$$ )W- eC:EquationVariables }H=#?AH$ )W. eEM }6=#@B6$ )W/ eN }26= #AC26$ )W0 eN }h= #B:h$ )W1 e }$=#ME$$ *W2 e C:Emphasis }H=#DFH$ *W3 eEM }6=#EG6$ *W4 eN }26=#FH26$ *W5 eN }h=#G?h$ *W6 e }$=#RJ$$ +W7 eC:Code }H=#IKH$ +W8 eEM }6=#JL6$ +W9 eN }26=#KM26$ +W: eN }h= #LDh$ +W; e }$="#WO$$ ,W< eC:Bold }H=$#NPH$ ,W= eEM }6=&#OQ6$ ,W> eN }26=(#PR26$ ,W? eN }h=*#QIh$ ,W@ e }$=,#\T$$ -WA eP:Title }H=.#SUH$ -WB eH* }6=0#TV6$ -WC eN }26=2#UW26$ -WD eN }h=4#VNh$ -WE e }$b,=6#Y$b,$ .WF e P:TableTitle }bH,=8#XZbH,,$ .d&eLI Ge Parent = OL Qce Depth = 0 }b6,=:#Y[b6,$ .WH eN }2b6,=<#Z\2b6,$ .WI eN }hb,=>#[Shb,$ .WJ e }=@+f^, /GKeP:TableFootnote }H=B+]_H, /GLeP }6=D+^`6, /GMeN }6=F+_a6, /GNeN }=H+`, /GOe }=J+kc, 0GPeP:Rule }H=L+bdH, 0GQeP }6=N+ce6, 0GReN }6=P+df6, 0GSeN }=R+e], 0GTe },=T+ph,, 1GUe P:Numbered1 }H,=V+giH,,, 1beLI Ve Parent = OL Aae Depth = 0 }6,=X+hj6,, 1GWeN }6,=Z+ik6,, 1GXeN },=\+jb,, 1GYe },=^+um,, 2GZe P:Numbered }H,=`+lnH,,, 2`eLI [e Parent = OL A_e Depth = 0 }6,=b+mo6,, 2G\eN }6,=d+np6,, 2G]eN },=f+og,, 2G^e }=h+zr, 3G_eP:Mapping Table Title }H=j+qsH, 3G`eP }6=l+rt6, 3GaeN }6=n+su6, 3GbeN }=p+tl, 3Gce }=r+w, 4GdeP:Mapping Table Cell }H=t+vxH, 4GeeP }6=v+wy6, 4GfeN }6=x+xz6, 4GgeN }=z+yq, 4Ghe }=|+|, 5GieP:ManHeading2 }H=~+{}H, 5GjeP }6=+|~6, 5GkeN }6=+}6, 5GleN }=+~v, 5Gme }=+ , 6Gne P:ManHeading }H=+H, 6GoeP }6=+6, 6GpeN }6=+6, 6GqeN }=+{, 6Gre }=+, 7Gse P:ManBody }H=+H, 7GteP }6=+6, 7GueN }6=+ 6, 7GveN }=+, 7Gwe },=+ ,, 8Gxe P:LetteredA }H,=+ H,,, 8^eLI ye Parent = OL A]e Depth = 0 }6,=+ 6,, 8GzeN }6,=+ 6,, 8G{eY },=+ ,, 8G|e },=+,, 9G}e P:Lettered }H,=+H,,, 9\eLI ~e Parent = OL A[e Depth = 0 }6,=+6,, 9GeN }6,=+6,, 9GeY },=+ ,, 9Ge }=+, :Ge P:Indented }H=+H, :GeP }6=+6, :GeN }6=+6, :GeN }=+, :Ge }=+", ;GeP:HeadingRunIn }H=+H, ;GeP }6=+6, ;G eN }6=+6, ;G eN }=+, ;G e }=+', <G e P:Heading2 }H=+ H, <G eH* }6=+!6, <GeN }6=+ "6, <GeN }=+!, <Ge }=+,$, =Ge P:Heading1 }H=+#%H, =GeH* }6=+$&6, =GeN }6=+%'6, =GeN }=+&, =Ge }=+1), >GeP:Heading Info }H=+(*H, >GeP }6=+)+6, >GeN }6=+*,6, >GeN }=++#, >Ge }=+6., ?GeP:Hand }H=+-/H, ?GeP }6=+.06, ?GeN }6=+/16, ?GeN }=+0(, ?Ge }=+;3, @G e P:Footnote }H=+24H, @G!eP }6=+356, @G"eN }6=+466, @G#eN }=+5-, @G$e },=+@8,, AG%e P:Exercise }H,=+79H,,, AZeLI &e Parent = OL AYe Depth = 0 }6,=+8:6,, AG'eN }6,=+9;6,, AG(eN },=+:2,, AG)e }=+E=, BG*e P:Due Date }H>+<>H, BG+eP }6>+=?6, BG,eN }6>+>@6, BG-eN }>+?7, BG.e }>+JB, CG/e P:CodeIndent }H> +ACH, CG0eP }6> +BD6, CG1eN }6>+CE6, CG2eN }>+D<, CG3e }>+OG, DG4e P:CodeCenter }H>+FHH, DG5eP }6>+GI6, DG6eN }6>+HJ6, DG7eN }>+IA, DG8e }>+TL, EG9eP:Code }H>+KMH, EG:eP }6> +LN6, EG;eN }6>"+MO6, EG<eN }>$+NF, EG=e }>&+YQ, FG>eP:CellHeading }H>(+PRH, FG?eP }6>*+QS6, FG@eN }6>,+RT6, FGAeN }>.+SK, FGBe }>0+^V, GGCe P:CellBody }H>2+UWH, GGDeP }6>4+VX6, GGEeN }6>6+WY6, GGFeN }>8+XP, GGGe },>:+c[,, HGHe P:Bulleted }H,><+Z\H,,, HXeLI Ie Parent = UL AWe Depth = 0 }6,>>+[]6,, HGJeN }6,>@+\^6,, HGKeN },>B+]U,, HGLe }>D+h`, IGMe P:BodyList }H>F+_aH, IGNeP }6>H+`b6, IGOeN }6>J+ac6, IGPeN }>L+bZ, IGQe }>N+"e, JGRe P:BodyCenter }H>P+dfH, JGSeP }6>R+eg6, JGTeN }6>T+fh6, JGUeN }>V+g_, JGVe d>kk $$>i$$v9kvrnjUX[IMQ.14FC@=:7$$>i$$%jjl}$d@#m$d$ KWe e!Copy Files Imported by Reference }d@#lnd$ KWf eN }hdH@#mhdH$ KWg e -}lAwslMGke1 }ArtMGl eTitle }AsMGme }lA*vlNGne3 }AuwNGoe Heading2 }AvrNGpe }R#($ OG e }R# z$ PGe P:Lettered+ }HR#yH$ PGeP dL|H$ L{~H$ }}l H$ L{H$ |Wr l' UProject aECS 153 Fall 2000 HUV L{|HUV  l HUV L{HUV ~Wsl_Version of   bNovember 21, 2000 4:24 pm cPage   d2 e of   f2 g HHˆL{~HHˆ l HHˆL{HHˆWte }6R#z6$ PGeN }6R#6$ PGeN }R#%$ PGe }R#$ QGe P:AnswerA+ }HR#H$ QGeP }6R#6$ QGeN }6R# 6$ QGeN }R#y$ QGe },S# ,$ RGe P:AnswerA }H,S# H,,$ ReLI *e Parent = UL A+e Depth = 0 }6,S# 6,$ RGeN }6,S# 6,$ RGeN },S# ,$ RGe }S #$ SGe P:Answer+ }HS #H$ SGeP }6S#6$ SG eN }6S#6$ SG!eN }S# $ SG"e },S#*,$ TG#e P:Answer }H,S#H,,$ T$eLI (e Parent = UL A)e Depth = 0 }6,S#6,$ TG%eN }6,S#6,$ TG&eN },S#,$ TG'e }S#$ UG,eCSS Export Encoding }S#$ UG-e }HS#^H$ UG.e }S#n$ VG/eExport Encoding }S#$ VG0e }HS#H$ VG1e dLeftd{Rightd Referenced dHeadingsd+HTMLd#HTMLdiHTMLd  f@P[TitleBody. @@ [Body. f@D [.Due DateBody. @@ [Mapping Table Title. @@ [Mapping Table Cell. f@T [Heading1Body. @@ [Mapping Table Title. @@ [Mapping Table Cell. f@  Body. @@ [Mapping Table Cell. @@ [Mapping Table Cell. @@ [Header Double Line. f@T [ TableTitleT:Table : . f@ [Body. f@ [ Footnote. f@  [ CellFooting. f@ [ Numbered.\t. f@E [ Numbered1.\tNumbered. @@ [Footer.  f@T [Heading2Body. $f@AE [$. LetteredA A:.Lettered. f@E [AnswerEmphasisAnswer: Body. $f@A [$. Lettered A:.\t. f@D [ BodyCenterBody. @   $H.l..... .D.h....Code. f@  [ CellHeading. f@H [ExerciseBoldH:Exercise . . f@ [ Hand. @   $H.l..... .D.h.... CodeCenter. f@T [ HeadingRunInBody. $$f@D [BodyListBody. $@   $H.l..... .D.h.... CodeIndent. f@ [ Indented. $$f@E [AnswerAEmphasisAnswer: Body. f@ [ TableFootnote. f@ [CellBody. f@T [ TableTitleT:Table : . $$f@D [AnswerA+EmphasisBody. f@ [Rule. @@ [ $ H l      D h  ManHeading. f@D [Answer+EmphasisBody. f@P [ Heading InfoBody. f@ [Body. f@ [ Numbered+. $f@ [$. Lettered+. f@ [ CellHeading. f@E [ Numbered1.\tNumbered. f@ [ Numbered.\t. f@ [ Bulleted\t. f@ [CellBody.  f@P[TitleBody. @@ [ ManHeading2. f@T [Heading1Body. @@ [ $ H l      D h  ManBody.  [ [ [ [ [ [[  33[ [/Bold 2  Code [[[Emphasis[EquationVariables  Code   [ [ThinMediumDoubleThick@ Very Thin H&5H&5H&5H&5H&5Format AH Mapping Table H&5H&5H&5H&5H&5Format BH Mapping Table 6Mlh pH  hhh   ( hhhh N UH> OH66K  N!)*$ j./0$hj123$h j456$hj789$h j:;<$h j= > ? $h j@ A B $h jC D E $h jF G H $Z jI J K L $j jMNOP$zjQRST$$ jUVW$4jXYZ$Dj[\]$z $^_`a$$bcde$:$fghi$²jjklm$x:jnopq$hjrstu$.:jvwxy$$z{|}$:$~$$$4 $$D$   $TK$   !,      ",!!!!!!#,""""""J,## #!#"#$%T$&$'$($)$*$$&$$+%,%-%.%/%$'%$0&1&2&3&4&$(&$5'6'7'8'9'$)'$:(;(<(=(>($*($?)@)A)B)C)$+)$D*E*F*G*H*$,*$I+J+K+L+M+$-+$N,O,P,Q,R,$.,$S-T-U-V-W-$b,/-$X.Y.Z.[.\.0.,]/^/_/`/a/1/,b0c0d0e0f0,20,g1h1i1j1k1,31,l2m2n2o2p242,q3r3s3t3u353,v4w4x4y4z464,{5|5}5~5575,6666686,7777 7,97, 8 8 8 88,:8,99999;9,:::::<:,;;;;;=;,<< <!<"<><,#=$=%=&='=?=,(>)>*>+>,>@>,-?.?/?0?1?A?,2@3@4@5@6@,B@,7A8A9A:A;ACA,B?B@BDB,ACBCCCDCECEC,FDGDHDIDJDFD,KELEMENEOEGE,PFQFRFSFTFHF,UGVGWGXGYG,IG,ZH[H\H]H^HJH,_I`IaIbIcI#I,dJeJfJgJhJ$dV$lKmKnK NrMsMtMMuNvNwNP$%O&O'O(OxOQO$yPzPPPPRP$QQQQ Q,SQ$ R R R RRTR$SSSSS,$S$TTTTTV$UUUKU$VVVComment LMMMd BlackT!WhiteddARedddGreendd BluedCyandMagentad YellowHeader/Footer $1Header/Footer $1Header/Footer $2Header/Footer $2IndexIndexCommentCommentSubjectSubjectAuthorAuthorGlossaryGlossaryEquationEquation Hypertext Hypertext  Cross-Ref Cross-Ref Conditional TextConditional TextPositionFMPrivatePositionFMPrivateRangeEndFMPrivateRangeEndFMPrivate HTML Macro HTML Macro M.Times.B Times-Bold FrameRoman M.Times.P Times-Roman FrameRoman M.Courier.PCourier FrameRoman M.Times.BITimes-BoldItalic FrameRoman M.Times.I Times-Italic FrameRoman M.Helvetica.BHelvetica-Bold FrameRomanlCourier1 HelveticaZTimes#Regular$Roman MediumBoldRegularItalic\ %*}q`'\jYJng)qCdޠS‚faA!Ny. ֦hHĤ tdsg.Lڱy[ o!1 I#Lc3mH3T4ͼ%7lu][/!/g4NZI2fd:5XVWn}wd:|Ρ