4112_lab5_10292007
ECE 4112 Internetwork Security Lab 5: Rootkits, Backdoors and Trojans

Group Number: _______________
Member Names: _________________________ _________________________
Date Assigned: September 25, 2007
Date Due: October 2, 2007
Last Edited: October 29, 2007

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions and be sure you turn in ALL materials listed in the Turn-in Checklist ON or BEFORE the Date Due.

Goal: This lab will introduce you to rootkits, which are malicious programs put on a computer by someone who has already gained access and wishes to keep that access and perform other tasks while remaining hidden. In this lab you will also learn how backdoors can be used to gain access to a computer, and you will see how Trojan programs can be used to create these backdoors.

Summary: In this lab you will be examining two different kinds of rootkits for Linux and one for Windows. The first is a traditional rootkit named lrk4, which is one of the most popular and stable rootkits available. The second is a kernel-level rootkit named Knark. We will also look at four ways of checking whether a rootkit is installed: kern_check, chkrootkit, strace and Rootkit Hunter. For Windows XP we will use a rootkit called Hacker Defender, which hides files and processes and creates a backdoor on the machine it is installed on. Later in the lab, you will use Netcat to gain access to a machine. Then you will examine the properties of a Trojan using a software package called Virtual Network Computing (VNC). Next, you will use a Trojan program called Back Orifice 2000.

RootKit Part of the Lab:

Background and Theory: Though actually developing the code for a rootkit would be difficult and time intensive, today there are dozens and dozens of common rootkits posted online for anyone to use. Using them becomes a matter of reading and understanding the README file. In this way, all sorts of people have access to rootkits, and discovering them on a system becomes a huge task in itself. We will see both how some rootkits are discovered and how some can stay hidden if proper precautions are not taken or ineffective software is used.

Lab Scenario: We will be installing rootkits on both our RedHat 7.2 virtual machine and our Windows XP virtual machine. For this lab it is assumed that we have already gained root access to our victim machine; in reality gaining that access would be an extra step (most likely through a buffer overflow), but here we want to focus on the rootkits themselves. First copy the lab5 contents from the NAS to your 7.2 virtual machine and to your virtual