Information Assurance |
Clay Shields |
Information Assurance |
Because it is a public computer network, the internet carries raffic from everyone, all around the world. Most people never look, but if you do, you will find that machines all over the world are regularly examining computers attached to the network to determine if these machines have any obvious vulnerabilities that can be easily exploited. For this project, we are going to take a look at what is going on in the network, and who is doing it. Part 1 - Network MonitoringFor the first part of this project, you will install software on some computer that is connected to a public network. This software will monitor attempted connections to your system. If you have a computer and broadband access where you live, I strongly encourage you to perform this experiment there. Otherwise, talk to me and we can arrange for you to perform the experiment on a machine in one of the campus labs.The software we will use will monitor attempted connections to your computer, and will create a log of those connections. There are a variety of products that are free and will work well. I suggest the following, though you are free to find others. In general, this software falls under the category of "Personal Firewalls" though if you are running Linux or some other Unix-like OS, there are a number of network security tools that will do the same thing. Of the tools below, I have only ever verified the first one in the list for each OS. Others are listed as suggestions to try out.
If you have a router at home, it probably has a firewall built into it. Most will allow you to either log packets at the router, or to turn off the firewall temporarily to monitor probing. Note that if you turn off the firewall, you should make sure all machines behind it are patched first. GoalsNo matter which OS and software you use, our goal is the same. We want to monitor and record the IP addresses of machines that attempt to connect to your computer over at least a 24 hour period, though longer is better. You should configure whatever software you are using to record the IP addresses of machines that attempt to connect to your system and which ports they attempt to connect to. Details on how to do this will vary depending on what you are using.
Part 2 - Probe Source LocationOnce you have collected information about connections to your system, you will analyze the information.
Stuff you gotta do Examine the connection attempts that you received in your log file. Try and determine which represent attacks, and which connections are erroneous or harmless.
For the connections that might be harmful, consider:
Bonus Possibilities: For potential bonus points, consider doing some of the following:
Your submission is due before or in class on the due date. Please submit the log you gathered or used in Part 1 by plain text e-mail attachment. Please print the analysis from Part 2 and bring it to class. |