Aaÿ!€€r€Ô€Ý™™  Å0 U €`°‚`0P €‚ @° @ðÀ0Pð0 HH $ €@ÃÂdÁ HHHH€ÌÌ€ÌÌ€ÌÌ€ff€@ÊøÊøÊøÿ€ÿÿÿ€ÿÿÿ€ÿÿÁÿÿö Êøÿÿÿÿÿÿÿÿ€™ d ïFootnote TableFootnote* à* à.\t.\t/ - Ð Ñ:;,.É!?-)d€s$5  d0TOCHeading1Heading2 SecurityFocuscvehandin newsgroupnmapsTtelnet   ZEquationVariables€€OÇLü::=Og%Ot&:Ð ;;R<<$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear>;<$monthname> <$daynum>, <$year> <$hour>:<$minute00> <$ampm>"<$monthnum>/<$daynum>/<$shortyear><$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear> <$fullfilename> <$filename> <$paratext[Title]> <$paratext[Heading1]> <$curpagenum> <$marker1> <$marker2> (Continued)+ (Sheet <$tblsheetnum> of <$tblsheetcount>)Heading & Page Ò<$paratext>Ó on page<$pagenum>Pagepage<$pagenum>See Heading & Page%See Ò<$paratext>Ó on page<$pagenum>. Table All7Table<$paranumonly>, Ò<$paratext>,Ó on page<$pagenum>Table Number & Page'Table<$paranumonly> on page<$pagenum>AHeadings-kHTML$A||~~‚‚A‚5y::: 5…5ˆ: M€N«N¬1.::::: ::::?:A:C:E:G:I:K:M:O:|:~:€:‚:„:†:ˆ:Š:Œ:Ž::’:”:–:˜:š:œ:ž:Ò:Ô:Ö:Ø:Ú:Ü:Þ:à:â:ä:æ:è;;;;;!;#;%;';);T;V;X;Z;\;^;`;b;d;fA ;jA A ;¤;§;©;«;­;¯;±A?;µ;·;¹;»;½;¿;ÁA-;Å;Ç;É;Ë;Í;Ï;ÑA;Õ;×;Ù;Û;ÝAA;îA/A1<AAAC<<<<>>>> > > >>>>>>>>>>!>#>%>'>)>+>->/>1>3>5>7>9>;JC>?>A>C>E>G>I>K>M>O>Q>S>U>WG‰JEGýJ¹HK=H•KQHùKµI KÉIAKý@ô@ö@øA•A— A™A›A AŸA¡A£ A¥N°2.LÿM M N·OTN¼OUO[O\NåO`OˆOŒO+O1.O“2.O”O˜O™Oœ1.O 2.Oªa.OfO'OjOmOsOƒNqO®b.O¯c.O°d.O·OÃ3.&ÂdÃqÁÂdÃ:ÂdÃO$$ ÂdÃM " H—´m³Rë‹™M H—´m³Rë‹™H RH R Footnote HÀrýÀ@‹™MHÀrýÀ@‹™HÀz·¯HÀz·¯ Single LineH§À´ŽÿðM Footnote ‚ ÀM ‚ À ‚ À™‚ HÀ¨ýÀD­‹™M HÀ¨ýÀD­‹™HÀ°·¯HÀ°·¯ Double LineHÀ¹ÿðÁÔŒM Double LineÁÔM ÁÔÁÔ„ÁÔM „ÁÔ„ÁÔ„HÀ…ÿúÁÔŠM  Single LineÁÔM ÁÔÁÔHZÀ´…ÿðM " TableFootnoteÂdÃ5p HHÁÔˆ5xHHÁÔˆ‰ÿÿG†ªªe HHÁÔˆ5zHHÁÔˆŽÿðl $$ÂÂÐ:$$ÂÂÐÀwÿýqG†ªªBm V $$ÂÂÐ:$$ÂÂÐŽÿðl€} : GeHeadings Table €} :  Ge €} :  Ge €}l: lG eHeading Level HÂíUVÁÔ 5„HÂíUVÁÔ ‰ÿÿG†ªªe HÂíUVÁÔ 5†HÂíUVÁÔ Žÿðl H$ÁÔ 5‡H$ÁÔ –G†ªªe H$ÁÔ 5‰H$ÁÔ Žÿðl HHÁÔˆ5ŠHHÁÔˆÂyU€ $$%& `Project: Part 2 €,`Goal (from part 1): ‚†ªª½ªª wThe goal of this project is to give you some experience in analyzing the security of a system. For this, you will play ÀIª©@ the role of a security analyst.  ÀXª¨ vYou work for a corporation that keeps its data on a system protected by a firewall. The system runs a web server that 0Àdª§vdisplays sanitized data. It should not display any sensitive data. Your bosses have asked you to determine the follow@ing two things:  Àª¥`gDoes the firewall correctly pass the traffic that it is supposed to pass, and block all other traffic? 1qÀ‹ª¤ kCan outsiders (those without accounts on the system) get access to any data beyond that displayed on pages @marked  Ïauthorized Ê? wÀ¦ª¢`DThe following outlines what you are to do to answer these questions uÀ½ÿ÷`Third Step: WWW {†ªªÀϪ¡ vWeÕll focus on the web server now. The first step in the analysis (the Flaw Hypothesis Methodology) is to learn about ÀÛª @Tsecurity problems in web servers, and in particular holes found in this web server. xÀôÿõ`Identify the web server v†ªªÁªŸ €First, figure out the type of the web server. Do this by a telnet to port 80 on the target host, 169.237.7.61 (see the  Ïtel Áªž@Anet Ê(1) manual page) and note the greeting. Then hit return. yÁª`4Due Ê: Please turn in the output from this step. zÁ8ÿò`+Learn about vulnerabilities in web servers |†ªªÁHªœ uThis step asks you to gain insight into problems that web servers have had in the past (and undoubtedly still have). ‰ULƒUUÁWU=€First, look for vulnerability reports on web servers. A good way to do this is to go to the site  Ïwww.securityfocus.com Ê X 4†ªªÁcU<xPlease go to this web site, and click on the Vulnerabilities entry in the left-hand menu. In the center, you will see a ymenu with 5 buttons, plus data below the row of buttons. This is the access point to their vulnerability database. Click @qon Òby keyword.Ó Now search for a string like Òweb serverÓ to obtain a list of web server vulnerability reports. ‚ ÁŠU9 uNow click on the first title (when I did this it was ÒIBM HTTP Server Denial of Service VulnerabilityÓ). Look at the ‰ULƒUUÁ˜ÿÚ}two lines: ÒclassÓ and ÒcveÓ. These give 2 classifications of the vulnerability. Y For more details, click on the Òdiscus†ªªÁ¤ÿÙ@YsionÓ button. (You can look at the ÒexploitÓ part, too; sometimes that is very helpful.) ‚Á³ÿØ pAnother good search would be to look at CGI script holes. These programs are run by web servers, and should conÁ¿ÿ×@]strain what the remote browser (user) can do. Unfortunately, they often donÕt work too well. ‚ ÁÎÿÖ`wFinally, see if you can find any reports of vulnerabilities in the specific type of server that the target is running. ‚ yDue Ê. Please submit the string(s) you used to search the database. Then look at no fewer than 10 reports, and submit 2ÁéÿÔotheir names and the two classifications of each. What seems to be the most common problem, or set of problems? |Finally, please submit the search string you use to look for vulnerability reports on the particular server, and the titles @hand classifications of any vulnerability reports. Do they apply to the version of the server being run? }ÂU'`Trying to get in W~†ªªÂ*ÿÑ``Based upon your results, try to gain access to the target. You can do this in a couple of ways: HHÁÔˆ5ŒHHÁÔˆ$Žÿðl€}À: ÀG eParagraph Format €}À:!ÀG e Comments €}l: )lGe4 ÀE¸ÏÀGxÅÀRªù‹™MÀE¸ÏÀGxÅÀRªù‹™ÀE¸ÏÀPwÀE¸ÏÀPw TableFootnote HHÁÔˆO HHÁÔˆÁ1ÿë$‚†ªª†ªª`lAttack the server directly. Try to exploit the types of vulnerabilities you uncovered in the previous part. ‚’ª© sAttack the CGI scripts provided for the server. (A list of these will be posted to the newsgroup. It is not guaran—ÿþ@teed to be complete!) ‚­ª§ oBoth parts have common elements. Buffer overflow attacks, strings with unusual characters as arguments, and so ¹ª¦sforth may produce surprises. So, you might proceed by looking back to the notes from the beginning of the term, in 0µUQmwhich common programming errors were discusses. Think about how that discussion correlates with the data you @Pfound in the previous step. This should give you a good idea of where to begin. ‚ À`ª£`'Due Ê. Please submit the following: ‚À”ªŸ mWhich of the 5 types of programming errors (see #3 on the notes for October 10, 2000) was most common in the À{ª¡@Qset of reports you found? Where does this suggest you should start your probing? ‚®ª§``Develop and run 3 tests on the web server or CGI scripts on the web server. For each test, say: ‚À–ªŸ`what the test tries to do; ‚ÁKª‘`how you are doing it; ‚`&what you expect the result to be; and ‚`what the results are. ‚ zYou need  Ïnot Ê make the tests attacks. However, they should be designed to tell you something about the serverÕs ÀÞªš@Q(or CGI scriptÕs) robustness and/or ability to confine the user to the web page. ‚Àíª™ sWrite a one-paragraph assessment of the security of the web server. In particular, do you think it prevents outsidÀùª˜rers from gaining unauthorized access to the system? Justify your opinion in light of the results of the first two ÿýµªÙ@parts of this ÒdueÓ section. ‚ Áÿì`Turning In Results W†ªªÁ.ª–`~Please submit them to the directory  Ïproj2 Ê using the  Ïhandin Ê program. This is due on December 8 at 11:59PM. HHÁÔˆO HHÁÔˆ##Žÿðl€~H”ÁÔ£ÿýOe&H”ÁÔ£ÿý¡ÿý‚†ªª†ªª gI recommend you either allow or disallow cookies before you go there (donÕt have the browser ask if it p’ª©dshould accept individual cookies). The cookies are harmless, but you get so many of them that being @iT1 jGeCharacter Macros €} :@i jGe €} :Bi jGe €}H:Di.2HjGe Character €}À:Fi13ÀjGe Replace With €}À:Hi24ÀjGe Comments €}H:Ji35HjGe¢ €}À:Li46ÀjGe¢ €}À:Ni5FÀjGe €}H:{i<8HjGeÉ €}À:}i79ÀjGe... €}À:i8ÀjGe €}H:i?;HjGeÐ €}À:ƒi:<ÀjGe- €}À:…i;7ÀjG e €}H:‡iB>Hj G!eÑ €}À:‰i=?Àj G"e-- €}À:‹i>:Àj G#e €}H:iEAHj G$e¡ €}À:i@BÀj G%e° €}À:‘iA=Àj G&e €}H:“iHDHj G'e¨ €}À:•iCEÀj G(e® €}À:—iD@Àj G)e €}H:™i6GHj G*e© €}À:›iFHÀj G+e© €}À:iGCÀj G,e €} :Ñi]M j G-eGeneral Macros €} :Ói j G.e €} :Õi j G/e €} :×i j G0e €}h:ÙiINhjG1e Macro Name €}h:ÛiMOhjG2e Replace With €}h:ÝiNPhjG3eHead €}À:ßiOQÀjG4e Comments €}h:áiPRhjG5e €}h:ãiQShjG6e €}h:åiRThjG7e €}À:çiS.ÀjG8e €} ;iX j G9eCross-Reference Macros €} ;i j G:e €} ;i j G;e €}À;iUYÀj G<e Macro Name €}À; iXZÀj G=e Replace With €}À;"iY[Àj G>e Comments €}À;$iZ\Àj G?e See Also €}À;&i[]Àj G@eSee <$paratext> €}À;(i\IÀj GAe €} ;S€#nb €$ GBeSystem Macros €} ;U€# €$ GCe €} ;W€# €$ GDe €} ;Y€# €$ GEe €}h;[€#^ch€$ GFe Macro Name €}h;]€#bdh€$ GGe Replace With €}h;_€#ceh€$ GHeHead €}h;a€#dfh€$ GIe Comments €}h:;c€#egh:€$ GJe StartOfDoc €}h:;e€#fhh:€$ GKe €}h:;g€#gih::€$ Pe L��e <$defaulttitle> N��e AOe €}h:;i€#h€h:€$ GMe €}h;¦€#qkh€$ GQeEndOfLastSubDoc €}h;¨€#jlh€$ GRe €}h;ª€#kmh€$ GSe €}h;¬€#lh€$ GTe €}h:;®€#uoh:€$ GUeStartOfLastSubDoc €}h:;°€#nph:€$ GVe €}h:;²€#oqh::€$ ue W��e <$defaulttitle> s��e Ate €}h:;´€#pjh:€$ GXe €}h;¶€#ysh€$ GYeEndOfFirstSubDoc €}h;¸€#rth€$ GZe €}h;º€#suh€$ G[e €}h;¼€#tnh€$ G\e €}h:;¾€#}wh:€$ G]eStartOfFirstSubDoc €}h:;À€#vxh:€$ G^e €}h:;€#wyh::€$ re _��e <$defaulttitle> p��e Aqe €}h:;Ä€#xrh:€$ G`e €}h;Æ€#€{h€$ Gae EndOfSubDoc €}h;È€#z|h€$ Gbe €}h;Ê€#{}h€$ Gce €}h;Ì€#|vh€$ Gde €}h:;΀#€h:€$ GeeStartOfSubDoc €}h:;Ѐ#~€h:€$ Gfe €}h:;Ò€#€h::€$ oe g��e <$defaulttitle> m��e Ane €}h:;Ô€#€zh:€$ Ghe €}h;Ö€#i€h€$ Gie EndOfDoc €}h;Ø€#€€h€$ Gje €}h;Ú€#€€h€$ Gke €}h;Ü€#€~h€$ Gle €} <€#€*€  €$ GveHTML Options Table €} <€# €$ Gwe €} <€# €$ Gxe €}À´< €#€€ À´€$ GyeControl €}À<"€#€ € À€$ GzeValue €}H<$€#€ € H€$ G{e Comments €}À´<&€#€ € À´€$ G|e Image Format €}À<(€#€ €À€$ G}eIMAGGIF €}H<*€#€ lH€$ G~e €} €6À€$ 'G€#eX:Page €}H<ò€#€5€7H€$ 'G€$e See Also €}6<ô€#€6€86€$ 'G€%eN €}6<ö€#€7€96€$ 'G€&eN €}À<ø€#€8€0À€$ 'G€'e €}À<ú€#€C€;À€$ (G€(eX:Heading & Page €}H<ü€#€:€<H€$ (G€)e See Also €}6<þ€#€;€=6€$ (G€*eN €}6=€#€<€>6€$ (G€+eN €}À=€#€=€5À€$ (G€,e €}À=€#€H€@À€$ )G€-eC:EquationVariables €}H=€#€?€AH€$ )G€.eEM €}6=€#€@€B6€$ )G€/eN €}6= €#€A€C6€$ )G€0eN €}À= €#€B€:À€$ )G€1e €}À=€#€M€EÀ€$ *G€2e C:Emphasis €}H=€#€D€FH€$ *G€3eEM €}6=€#€E€G6€$ *G€4eN €}6=€#€F€H6€$ *G€5eN €}À=€#€G€?À€$ *G€6e €}À=€#€R€JÀ€$ +G€7eC:Code €}H=€#€I€KH€$ +G€8eEM €}6=€#€J€L6€$ +G€9eN €}6=€#€K€M6€$ +G€:eN €}À= €#€L€DÀ€$ +G€;e €}À="€#€W€OÀ€$ ,G€<eC:Bold €}H=$€#€N€PH€$ ,G€=eEM €}6=&€#€O€Q6€$ ,G€>eN €}6=(€#€P€R6€$ ,G€?eN €}À=*€#€Q€IÀ€$ ,G€@e €}À=,€#€\€TÀ€$ -G€AeP:Title €}H=.€#€S€UH€$ -G€BeH* €}6=0€#€T€V6€$ -G€CeN €}6=2€#€U€W6€$ -G€DeN €}À=4€#€V€NÀ€$ -G€Ee €}À,=6€#€YÀ,€$ .G€Fe P:TableTitle €}H,=8€#€X€ZH,,€$ .ceLI €Ge Parent = OL Ade Depth = 0 €}6,=:€#€Y€[6,€$ .G€HeN €}6,=<€#€Z€\6,€$ .G€IeN €}À,=>€#€[€SÀ,€$ .G€Je €}À=@+€f€^À, /G€KeP:TableFootnote €}H=B+€]€_H, /G€LeP €}6=D+€^€`6, /G€MeN €}6=F+€_€a6, /G€NeN €}À=H+€`À, /G€Oe €}À=J+€k€cÀ, 0G€PeP:Rule €}H=L+€b€dH, 0G€QeP €}6=N+€c€e6, 0G€ReN €}6=P+€d€f6, 0G€SeN €}À=R+€e€]À, 0G€Te €}À,=T+€p€hÀ,, 1G€Ue P:Numbered1 €}H,=V+€g€iH,,, 1aeLI €Ve Parent = OL Abe Depth = 0 €}6,=X+€h€j6,, 1G€WeN €}6,=Z+€i€k6,, 1G€XeN €}À,=\+€j€bÀ,, 1G€Ye €}À,=^+€u€mÀ,, 2G€Ze P:Numbered €}H,=`+€l€nH,,, 2_eLI €[e Parent = OL A`e Depth = 0 €}6,=b+€m€o6,, 2G€\eN €}6,=d+€n€p6,, 2G€]eN €}À,=f+€o€gÀ,, 2G€^e €}À=h+€z€rÀ, 3G€_eP:Mapping Table Title €}H=j+€q€sH, 3G€`eP €}6=l+€r€t6, 3G€aeN €}6=n+€s€u6, 3G€beN €}À=p+€t€lÀ, 3G€ce €}À=r+€€wÀ, 4G€deP:Mapping Table Cell €}H=t+€v€xH, 4G€eeP €}6=v+€w€y6, 4G€feN €}6=x+€x€z6, 4G€geN €}À=z+€y€qÀ, 4G€he €}À=|+€|À, 5G€ieP:ManHeading2 €}H=~+€{€}H, 5G€jeP €}6=€+€|€~6, 5G€keN €}6=‚+€}€6, 5G€leN €}À=„+€~€vÀ, 5G€me €}À=†+ À, 6G€ne P:ManHeading €}H=ˆ+H, 6G€oeP €}6=Š+6, 6G€peN €}6=Œ+6, 6G€qeN €}À=Ž+€{À, 6G€re €}À=+À, 7G€se P:ManBody €}H=’+H, 7G€teP €}6=”+6, 7G€ueN €}6=–+ 6, 7G€veN €}À=˜+À, 7G€we €}À,=š+ À,, 8G€xe P:LetteredA €}H,=œ+ H,,, 8]eLI €ye Parent = OL A^e Depth = 0 €}6,=ž+ 6,, 8G€zeN €}6,= + 6,, 8G€{eY €}À,=¢+ À,, 8G€|e €}À,=¤+À,, 9G€}e P:Lettered €}H,=¦+H,,, 9[eLI €~e Parent = OL A\e Depth = 0 €}6,=¨+6,, 9G€eN €}6,=ª+6,, 9GeY €}À,=¬+ À,, 9Ge €}À=®+À, :Ge P:Indented €}H=°+H, :GeP €}6=²+6, :GeN €}6=´+6, :GeN €}À=¶+À, :Ge €}À=¸+"À, ;GeP:HeadingRunIn €}H=º+H, ;GeP €}6=¼+6, ;G eN €}6=¾+6, ;G eN €}À=À+À, ;G e €}À=Â+'À, <G e P:Heading2 €}H=Ä+ H, <G eH* €}6=Æ+!6, <GeN €}6=È+ "6, <GeN €}À=Ê+!À, <Ge €}À=Ì+,$À, =Ge P:Heading1 €}H=Î+#%H, =GeH* €}6=Ð+$&6, =GeN €}6=Ò+%'6, =GeN €}À=Ô+&À, =Ge €}À=Ö+1)À, >GeP:Heading Info €}H=Ø+(*H, >GeP €}6=Ú+)+6, >GeN €}6=Ü+*,6, >GeN €}À=Þ++#À, >Ge €}À=à+6.À, ?GeP:Hand €}H=â+-/H, ?GeP €}6=ä+.06, ?GeN €}6=æ+/16, ?GeN €}À=è+0(À, ?Ge €}À=ê+;3À, @G e P:Footnote €}H=ì+24H, @G!eP €}6=î+356, @G"eN €}6=ð+466, @G#eN €}À=ò+5-À, @G$e €}À,=ô+@8À,, AG%e P:Exercise €}H,=ö+79H,,, AYeLI &e Parent = OL AZe Depth = 0 €}6,=ø+8:6,, AG'eN €}6,=ú+9;6,, AG(eN €}À,=ü+:2À,, AG)e €}À=þ+E=À, BG*e P:Due Date €}H>+<>H, BG+eP €}6>+=?6, BG,eN €}6>+>@6, BG-eN €}À>+?7À, BG.e €}À>+JBÀ, CG/e P:CodeIndent €}H> +ACH, CG0eP €}6> +BD6, CG1eN €}6>+CE6, CG2eN €}À>+D<À, CG3e €}À>+OGÀ, DG4e P:CodeCenter €}H>+FHH, DG5eP €}6>+GI6, DG6eN €}6>+HJ6, DG7eN €}À>+IAÀ, DG8e €}À>+TLÀ, EG9eP:Code €}H>+KMH, EG:eP €}6> +LN6, EG;eN €}6>"+MO6, EG<eN €}À>$+NFÀ, EG=e €}À>&+YQÀ, FG>eP:CellHeading €}H>(+PRH, FG?eP €}6>*+QS6, FG@eN €}6>,+RT6, FGAeN €}À>.+SKÀ, FGBe €}À>0+^VÀ, GGCe P:CellBody €}H>2+UWH, GGDeP €}6>4+VX6, GGEeN €}6>6+WY6, GGFeN €}À>8+XPÀ, GGGe €}À,>:+c[À,, HGHe P:Bulleted €}H,><+Z\H,,, HWeLI Ie Parent = UL AXe Depth = 0 €}6,>>+[]6,, HGJeN €}6,>@+\^6,, HGKeN €}À,>B+]UÀ,, HGLe €}À>D+h`À, IGMe P:BodyList €}H>F+_aH, IGNeP €}6>H+`b6, IGOeN €}6>J+ac6, IGPeN €}À>L+bZÀ, IGQe €}À>N+€"eÀ, JGRe P:BodyCenter €}H>P+dfH, JGSeP €}6>R+eg6, JGTeN €}6>T+fh6, JGUeN €}À>V+g_À, JGVe ÂdÃ>kk $$ÂÂÐ>‚i$$ÂÂÐÀüU9kUX[IMQ.14FC@=:7$$ÂÂÐ>„i$$ÂÂЀ%jjŽÿðl€}À´@ó€#€mÀ´€$ KGee!Copy Files Imported by Reference €}À@õ€#lnÀ€$ KGfeN €}H@÷€#m^H€$ KGge €}lA”tplLGhe1 €}ÀA–oqÀLGi eTitle €}ÀA˜pÀLGje €}lAšwslMGke3 €}ÀAœrtÀMGle Heading2 €}ÀAžsoÀMGme €}l‘ÿþA *vl‘ÿþNGne2 €}À‘ÿþA¢uwÀ‘ÿþ‘ÿþNGo‰UTe Heading1 €}À‘ÿþA¤vrÀ‘ÿþNGpe ÂdÃLõ|‚H$ÁÔ Lö{~H$ÁÔ }}Žÿðl H$ÁÔ L÷{H$ÁÔ –|Wr †ªª†ªªh/ UProject: Part 2 aECS 153 Ñ Fall 2000 HÂíUVÁÔ Lø{|‚HÂíUVÁÔ  Žÿðl HÂíUVÁÔ Lù{HÂíUVÁÔ ‰ÿÿ~Ws†ªª†ªªl`Version of  Ë bNovember 30, 2000 11:53 am cPage  Ë d# e of  Ë f2 g HHÁÔˆLú{~HHÁÔˆ‚‚ Žÿðl HHÁÔˆLû{HHÁÔˆ‰ÿÿ‚Wt†ªª†ªªe ÂdÃLeftÂdÃ{RightÂdà ReferenceÂdà ÂdÃHeadingsÂdÃ+HTMLÂdÀ#HTMLÂdÃiHTMLÂdà €æf™€@€€€™P[TitleBody. €À@€@€€€™ [Body. €æf™€@€€€™D [ÁÔ.Due DateBody. €À@€@€€€™ [Mapping Table Title. €À@€@€€€™ [Mapping Table Cell. €æf™€@€€€™T [Heading1Body. €À@€@€€€™ [Mapping Table Title. €À@€@€€€™ [Mapping Table Cell. €À@€@€€€™ [Mapping Table Cell. €À@€@€€€™ [Mapping Table Cell. €À@€@€€€™ [Mapping Table Cell. €À@€@€€€™ [Mapping Table Cell. €À@€@€€€™ [ÀêÁÔHeader Double Line. €æf™€@€€€™T [ TableTitleT:Table : . €æf™€@€€€™ [Body. ž€æf™€@€€€™ [ž Footnote. €æf™€@€€€™  [ CellFooting. €æf™€@€€€™ [ Numbered.\t. €æf™€@€€€™E [ Numbered1.\tNumbered. €À@€@€€€™ [ÀêÁÔFooter. €æf™€@€€€™T [Heading2Body. ž€æf™€@€€€™ [ž Footnote. €æf™€@€€€™T [Heading2Body. $€æf™€@€€€™AE [$. LetteredA A:.Lettered. $€æf™€@€€€™AE [$. LetteredA A:.Lettered. $€æf™€@€€€™A [$. Lettered A:.\t. €æf™€@€€€™E [AnswerEmphasisAnswer: Body. €æf™€@€€€™ [ Numbered+. $€æf™€@€€€™A [$. Lettered A:.\t. €æf™€@€€€™D [ BodyCenterBody. €@€€€™   $H.l.À.À´.ÀØ.Àü.Á .ÁD.Áh.ÁŒ.Á°.ÁÔ.Code. €æf™€@€€€™  [ CellHeading. €æf™€@€€€™H [ExerciseBoldH:Exercise . . €æf™€@€€€™ [ Hand. €@€€€™   $H.l.À.À´.ÀØ.Àü.Á .ÁD.Áh.ÁŒ.Á°.ÁÔ. CodeCenter. €æf™€@€€€™T [ HeadingRunInBody. $$€æf™€@€€€™D [ÀBodyListBody. $€@€€€™   $H.l.À.À´.ÀØ.Àü.Á .ÁD.Áh.ÁŒ.Á°.ÁÔ. CodeIndent. €æf™€@€€€™ [ Indented. $$€æf™€@€€€™E [AnswerAEmphasisAnswer: Body. ž€æf™€@€€€™ [ž TableFootnote. €æf™€@€€€™ [CellBody. €æf™€@€€€™T [ TableTitleT:Table : . $$€æf™€@€€€™D [AnswerA+EmphasisBody. €æf™€@€€€™ [Rule. €À@€@€€€™ [ $ H l À À´ ÀØ Àü Á  ÁD Áh ÁŒ ManHeading. €æf™€@€€€™D [Answer+EmphasisBody. Òñ €æf™€@€€€™P [ Heading InfoBody. €æf™€@€€€™ [Body. €æf™€@€€€™ [ Numbered+. $€æf™€@€€€™ [$. Lettered+. €æf™€@€€€™ [ CellHeading. €æf™€@€€€™E [ Numbered1.\tNumbered. €æf™€@€€€™ [ Numbered.\t. €æf™€@€€€™ [ Bulleted¥\t. €æf™€@€€€™ [CellBody.  €æf™€@€€€™P[TitleBody. €À@€@€€€™ [ÀêÁÔ ManHeading2. €æf™€@€€€™T [Heading1Body. €À@€@€€€™ [ $ H l À À´ ÀØ Àü Á  ÁD Áh ÁŒ ManBody.  [ [[ [þþþ [þþþ [ [[  €33[ [/âôBold 2 ÿóü Code [[€[þþþEmphasis€[þþþEquationVariables [þþþ [þþþÿÿÿÿÿÿÿÿÿÿÿÿ€€ÿÿÿÿ€€ÿÿÿÿÿÿÿÿ€€ThinMedium€€DoubleThick€@ Very Thin H&5H&5H&5H&5H&5Format AH Mapping Table H&5H&5H&5H&5H&5Format BH Mapping TableÁŒ ÀGÿþLlÀÀÁh pHÀÀÁÈ  hhhÀÁ°  ÀÀÀÁ  Á( hhhhÁŒ  KÀ´ÀHÁÔ>ÃD $ÀH66ÀNÁŒ ÃðˆÁŒÃð‡ ÁŒÃðN‡!)*Áh Ãðjˆ./0ÁhÃðj‡123ÁhÃð j‡456ÁhÃðj‡789ÁhÃð j‡:;<ÁhÃð j‡= > ? ÁhÃð j‹@ A B ÁhÃð j‡C D E ÁhÃð j‡F G H ÁÈ ÃðjˆI J K L ÁÈÃð j‡MNOPÁÈÃðj‡QRSTÁ° ÃðjˆUVWÁ°Ãðj‡XYZÁ°Ãðj‡[\]Á  Ãð€$ˆ^_`aÁ Ãð€$‡bcdeÁ :Ãð€$‡fghiÁ Ãð€$‹jklmÁ :Ãð€$‡nopqÁ Ãð€$‡rstuÁ :Ãð€$‡vwxyÁ Ãð€$‹z{|}Á :Ãð€$‡~€€Á Ãð€$‡€€€€ÁŒ Ãð€$ˆ€€€ÁŒÃð€$‡€ € € ÁŒÃðK€$‡€ € €ÁÔ Ãð!,ˆ€ € € € € ÁÔÃð ",‡€!€!€!€!€!ÁÔÃð!#,‡€"€"€"€"€"ÁÔÃð"J,‡€#€#€ #€!#€"#ÁÔÃð%€$‹€&$€'$€($€)$€*$ÁÔÃð&$€$‡€+%€,%€-%€.%€/%ÁÔÃð'%€$‡€0&€1&€2&€3&€4&ÁÔÃð(&€$‡€5'€6'€7'€8'€9'ÁÔÃð)'€$‹€:(€;(€<(€=(€>(ÁÔÃð*(€$‡€?)€@)€A)€B)€C)ÁÔÃð+)€$‡€D*€E*€F*€G*€H*ÁÔÃð,*€$‡€I+€J+€K+€L+€M+ÁÔÃð-+€$‹€N,€O,€P,€Q,€R,ÁÔÃð.,€$‡€S-€T-€U-€V-€W-ÁÔ,Ãð/-€$‡€X.€Y.€Z.€[.€\.ÁÔÃð0.,‡€]/€^/€_/€`/€a/ÁÔÃð1/,‹€b0€c0€d0€e0€f0ÁÔ,Ãð20,‡€g1€h1€i1€j1€k1ÁÔ,Ãð31,‡€l2€m2€n2€o2€p2ÁÔÃð42,‡€q3€r3€s3€t3€u3ÁÔÃð53,‹€v4€w4€x4€y4€z4ÁÔÃð64,‡€{5€|5€}5€~5€5ÁÔÃð75,‡66666ÁÔÃð86,‡7777 7ÁÔ,Ãð97,‹ 8 8 8 88ÁÔ,Ãð:8,‡99999ÁÔÃð;9,‡:::::ÁÔÃð<:,‡;;;;;ÁÔÃð=;,‹<< <!<"<ÁÔÃð><,‡#=$=%=&='=ÁÔÃð?=,‡(>)>*>+>,>ÁÔÃð@>,‡-?.?/?0?1?ÁÔÃðA?,‹2@3@4@5@6@ÁÔ,ÃðB@,‡7A8A9A:A;AÁÔÃðCA,‡B?B@BÁÔÃðDB,‡ACBCCCDCECÁÔÃðEC,‹FDGDHDIDJDÁÔÃðFD,‡KELEMENEOEÁÔÃðGE,‡PFQFRFSFTFÁÔÃðHF,‡UGVGWGXGYGÁÔ,ÃðIG,‹ZH[H\H]H^HÁÔÃðJH,‡_I`IaIbIcIÁÔÃð#I,‡dJeJfJgJhJÁŒÃð€$‡lKmKnKÁŒÃðM‹oLpLqLÁŒÃðNL‡rMsMtMÁŒ‘ÿþÃðM‡uNvNwNComment LýMMMd ÿÿÿÿBlackT!ÿÿÿÿWhiteddAÿÿÿÿRedddÿÿÿÿGreendd ÿÿÿÿBluedÿÿÿÿCyandÿÿÿÿMagentad ÿÿÿÿYellowHeader/Footer $1Header/Footer $1Header/Footer $2Header/Footer $2IndexIndexCommentCommentSubjectSubjectAuthorAuthorGlossaryGlossaryEquationEquation Hypertext Hypertext  Cross-Ref Cross-Ref Conditional TextConditional TextPositionFMPrivatePositionFMPrivateRangeEndFMPrivateRangeEndFMPrivate HTML Macro HTML Macro€ M.Times.B Times-Bold FrameRoman M.Times.P Times-Roman FrameRoman M.Courier.PCourier FrameRoman M.Times.BITimes-BoldItalic FrameRoman M.Times.I Times-Italic FrameRoman M.Helvetica.BHelvetica-Bold FrameRomanmCourier1 HelveticaZTimes#Regular$Roman MediumBoldRegularItalicà.d}(h±]¶*´¦š»û_kâ(‹œT>ê Ô •™%9ÖÙ;Ù¦Îlu«/†æ$Z"¾ÒÔÀÅ8…ó!àö•XCáÐ?w æ鹜´hœwÕW-ÀÈ[¤ÎáîF*²¼í`×ó¤Æï6Öß/ùXf¿ä–Qò#ð3Šj4cWÞª¯öó¯ÿ"dÙçkCàlgüO_#pMG8ËÅtuªÍ°}Ò”ü~æî^@$Þõ&