CPSC689-609 Homework

You are required to finish two assignments in this homework. There are totally 15 (plus 5) points you can get. You may use C, C++ or Java for this homework.

1. Write a program to reassemble telnet and ftp sessions. Your program should display for each telnet and ftp session, in ASCII format, the command/response between the client and the server. Your program should also record byte distribution information in the payloads of the whole sessions (in both directions). (8 pts.)
 * The input is a network trace. A sample pcap trace with telnet and ftp sessions is available here for your test.
 * The output format is up to you; however, the output must be ascii readable, so convert any unreadable characters to some numeric value (e.g., %u, %d).
 * You may need to consult the relevant RFCs for the tcp/telnet/ftp protocols.
 * You can use libpcap library in your program. You can refer to existing open source projects (e.g., tcpdump, snort, bro) and modify them according to your purpose.
 * In submission, you should also include plots of the session byte distribution that your program has recorded. You can use matlab, Gnuplot to plot the graphs.


2. Write a simple program with a buffer/stack overflow bug, then design and implement an attack that exploits the bug so that the your injected code gets run (e.g., via stack smashing and code injection). You need to submit the program and the attack code, with a description of how the program and the attack work. You should be able to demonstrate your program and attack during my office hours. (7 pts.)

[Optional requirements] (If you finish the following optional requirements,  you will get EXTRA 5 points] 
 * Implement your solution in the client-server architecture. Your vulnerable server program can listen on port 23 (pretend to be a telnet service) or other ports at your choice. Your client program sends out the buffer overflow attack to exploit the server program. In test, your client/server programs can run on the same PC. You can google "socket programming" for network programming reference.
 * You can refer to existing open source projects (e.g.,  Metasploit project) if necessary.
 * Record the attacking network trace using tcpdump or wireshark. Run the program you have finished in the first assignment, re-plot the session byte distribution, and compare with the previous plots from the first assignment.



Submit your homework to me with the subject "CPSC689-Homework" and attach your file <your_name>-hw.tgz (or .zip) containing:
    * Compilable source code of your solution for the two assignments.
    * A report describing everything I should know to be able to test your solution, as well as the plots and any of your finding/conclusion.