This exercise requires basic OS and networking knowledge, understanding of Denial of Service (DoS) and buffer overflows. It also involves coding skills. It can be done in introductory and advanced security classes.
Before the exercise you need to perform the following steps:
$ ./setexpgroups.sh ProjName expgroups mysql
mysql (contained in the local folder
setups/) is the configuration of the bank service offered by the server, whereas
expgroups (contained in the local folder
groups/) is a text file which specifies, by means of its two lines, the names of the experiments and the associated group names. An example the
expgroups file is shown down here.
exp1 exp2 exp1-attack-group exp1-defense-group exp2-attack-group exp2-defense-group
<REPLY BEGIN: THE LAST STEP IS NOT CLEAR. WHICH IS THE SEMANTICS OF THE SECOND LINE?>
In this specific case, we declare in the first line the experiment ID, and the list of the respective attack and defense groups. Therefore, the experiment
exp1 contains the attack group
exp1-attack-group and the
defense group, meanwhile the experiment
exp2 is related to the attack group
exp2-attack-group and the defense group
<REPLY END: THE LAST STEP IS NOT CLEAR. WHICH IS THE SEMANTICS OF THE SECOND LINE?>
This step will ensure that during exercise team members cannot log into machines controlled by the opposing team and spy on them.