This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: 18-731 Network SecurityProgramming Assignment 1Assigned: 6 March 2008Due: 27 March 2008 11:59pm EST1Introduction to Autolab1. You will use the AutoLab system to download the assignment, as well as submit yourfinished code for grading. The autolab server is available athttp://vivendi.lab.ece.cmu.local:18731/.2. Since this is your first time using AutoLab, you must Create your account before you canaccess its functionality. To do this, select the ”Create” link along the top of the web pagefor this course. You must use your andrew ID as your username, but make sure you usea unique password for this system. Since this is a security course, your information isinherently at a higher risk of compromise. Use a password that you do not use anywhereelse.3. Once your account on AutoLab has been created, you will be able to log in and view allactive assignments. Currently, this is the only one.2TCP Reset Attack Programming Assignment1. Write a simple TCP client-server application with the following characteristics: the server’sreceive buffer is set to at leastbytes and the client side sends periodic bursts of datato the server. Each burst of data should consist of one line of a file which is specified onthe command line.2. Use thelibnetlibrary to implement the TCP Reset Attack exploit (TCP poisioning).Your program should send a stream of spoofed reset packets to the server application;each packet should cover an appropriate range of potential TCP sequence numbers. Thewebpage to libnet is located at:http://www.packetfactory.net/libnet13Detailed specification for client, server and attack codeTo get you started we have provided the skeleton code for the client, server and attack code,named client.c server.c and reset.c respectively. We have also provided a Makefile that you canuse to compile the programs. Please do NOT change the names of these files nor the content ofthe Makefile, as the autograder will use the exact same Makefile to grade your solutions.Note that this is the EXACT specification of the behavior of the server, client and attack codethat we expect. Failure to follow this specification means that you will receive zero credit foreach test case.3.1General RequirementsAll output must go to stdout. Any output to stderr or to a file will be ignored.3.2ServerThe server should be reading data from the client as described above. The server will take in-puts ofserver ipserver port, so the TAs will invoke the server program as follows:./serverserver ipserver portThe output of the server will be the number of bytes it reads from each read() from the socket.The output of the server will be the number of bytes it reads from each read() from the socket....
View Full Document
- Spring '08
- Universal Serial Bus, Transmission Control Protocol, Client-server, attack code