Project Results

As promised, here are the results of the project.

Part 1: Firewall

The goal was to see what the firewall would let through. Pretty much everyone figured out that the HTTP and SSH ports were open. All the other ports were closed. There were inconsistent results, for two reasons. First, the probes that relied on timeouts to determine if ports were opened were inconsistent because of network use (we were pounding it for a bit). Second, at one point the firewall logs filled up and hung the system.

Part 2: System Behind the Firewall

We had a number of successes in the attack on the system. Pretty much everyone concluded it was a Linux system; some even got the kernel version. Some got in. There were two types of successes. We anticipated one; we missed the other.

  1. Attacks through the Web Server Here, Tom and I doctored a couple of CGI scripts. The phf one was too easy, so we put out a bogus phf script that just said no. However, the finger script stripped out the first semi-colon but not the second. A number of people found this. They got access to the server as nobody, and were able to read various files, including the password file.
  2. The Direct Approach This one we didn't expect, and there were two variants. First, when we were discussing weak passwords in class, I mentioned the root password, but didn't realize I had done so. Two groups tried guessing passwords, and found it. OOPS! Another group used the first attack to get the password file and then looked for joes (accounts with the login name as the password). They found one. They didn't get root access, but did get into the system.

Conclusion

You all did a good job!


Matt Bishop
Office: 3059 Engineering Unit II Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: [email protected]
Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.

Page last modified on 12/31/2000