Outline for January 13, 2003

Reading: Text, §23.1-23.2

Discussion Problem

What is suspicious about the following "ls" output?

host % ls -sail /var/mail
271873    1 drwxrwxrwt   3 root          512 Feb 21 12:26 ./
  3776    1 drwxrwxr-x  20 root          512 Aug 19  1996 ../
275649    1 drwxrwxr-x   2 root          512 Sep 11 12:43 :saved/
272086    0 -rw-rw----   1 ann             0 Feb 21 12:36 ann
272088    1 lrwxrwxrwx   1 bob            32 Feb 21 10:23 bob -> /etc/passwd
272087    4 -rw-rw----   1 bob          3515 Feb 21 12:23 cheryl
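
An added example, not part of the original outline: a short parser for the listing above that reports entries breaking ordinary mailbox conventions. The four checks are this example's own reading of the listing and assume each mailbox is named after, and owned by, its user; the names audit_spool and LINE are hypothetical.

```python
import re

# The listing from the discussion problem, copied as shown (no group column).
LISTING = """\
271873    1 drwxrwxrwt   3 root          512 Feb 21 12:26 ./
  3776    1 drwxrwxr-x  20 root          512 Aug 19  1996 ../
275649    1 drwxrwxr-x   2 root          512 Sep 11 12:43 :saved/
272086    0 -rw-rw----   1 ann             0 Feb 21 12:36 ann
272088    1 lrwxrwxrwx   1 bob            32 Feb 21 10:23 bob -> /etc/passwd
272087    4 -rw-rw----   1 bob          3515 Feb 21 12:23 cheryl
"""

# Fields: inode, blocks, mode, links, owner, size, date (3 tokens), name [-> target]
LINE = re.compile(r"\s*\d+\s+\d+\s+(\S{10})\s+\d+\s+(\S+)\s+(\d+)\s+"
                  r"\S+\s+\S+\s+\S+\s+(.+?)(?: -> (.+))?$")

def audit_spool(listing):
    """Return (name, finding) pairs for entries that break mailbox conventions."""
    findings = []
    for raw in listing.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        mode, owner, size, name, target = m.groups()
        if mode[0] == "d":
            # Other-write on the spool itself lets any user create entries in it.
            if name == "./" and mode[8] == "w":
                findings.append((name, "spool directory is world-writable"))
            continue  # ../ and :saved/ are not mailboxes
        if mode[0] == "l":
            findings.append((name, f"symbolic link to {target}"))
            # lstat() reports a link's size as the length of its target path.
            if int(size) != len(target or ""):
                findings.append((name, f"size {size} != target length {len(target or '')}"))
        if owner != name:
            # Assumption: each mailbox is named after, and owned by, its user.
            findings.append((name, f"owned by {owner}, not {name}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_spool(LISTING):
        print(f"{name:8} {finding}")
```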

Outline for the Day

  1. System Analysis
    1. Learn everything you can about the system
    2. Learn everything you can about operational procedures
    3. Compare to other systems
  2. Hypothesis Generation
    1. Study the system, look for inconsistencies in interfaces
    2. Compare to other systems' flaws
    3. Compare to vulnerability models
  3. Hypothesis Testing
    1. Look at system code, see if it would work (live experiment may be unneeded)
    2. If live experiment needed, observe usual protocols
  4. Generalization
    1. See if other programs, interfaces, or subjects/objects suffer from the same problem
    2. See if this suggests a more generic type of flaw
  5. Peeling the Onion
    1. You know very little (not even phone numbers or IP addresses)
    2. You know the phone number/IP address of system, but nothing else
    3. You have an unprivileged (guest) account on the system
    4. You have an account with limited privileges
  6. Example Penetration Studies
    1. Michigan Terminal System
    2. Burroughs System
    3. Attacking the Organization Directly
