Csc72010: Computer Networks, F22
Project 2
Open due date, no later than 12/5. Suggested to turn in by 11/23.

The goal of this project is to explore the scanning activities and intrusion attempts that may happen on the Internet day to day. In this project, you should build a MOCK FTP server, which records port scan attempts and login activities (e.g., logs the user name and password of any login attempt) through port 21. Your mockFTP server should be able to do the following:

1. Keep logs of login attempts by writing down the explored user name, password, the timestamp of the event, and the source IP. Your code should be able to record the TTL value of the FTP connection request.
2. Allow a total of THREE login attempts. For each failed login, the program should return an error message to the client.
3. After three failed attempts, your program should terminate. (Note: your mockFTP server should ALWAYS terminate without allowing any file upload or download.)
4. Your mock server should be able to record port scan activity, which usually only requests a connection establishment without any login attempt (i.e., without any user name or password).

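One way to structure the session handling that items 1 to 4 describe, as an added example that is not part of the original handout. Port 2121, the file name mockftp.log, the JSON log format, the reply texts, and the reading of "terminate" as closing the session are assumptions; the ttl value is passed in by the caller and is not captured by this sketch.

```python
import json, socket, time
MAX_ATTEMPTS = 3  # the handout allows three login attempts in total

def run_session(recv_line, send_line, src_ip, ttl=None, clock=time.time):
    """Drive one FTP control connection and return its log records."""
    records, user, attempts = [], None, 0
    def log(event, **extra):
        records.append({"ts": clock(), "src_ip": src_ip, "ttl": ttl, "event": event, **extra})
    try:
        send_line("220 FTP server ready")
        while attempts < MAX_ATTEMPTS:
            line = recv_line()
            if not line:                  # peer closed the connection
                break
            verb, _, arg = line.strip().partition(" ")
            if verb.upper() == "USER":
                user = arg
                send_line("331 Password required")
            elif verb.upper() == "PASS":  # every password is rejected
                attempts += 1
                log("login_attempt", user=user, password=arg, attempt=attempts)
                send_line("530 Login incorrect")
            elif verb.upper() == "QUIT":
                send_line("221 Goodbye")
                break
            else:                         # file commands are never served
                send_line("530 Please login with USER and PASS")
        if attempts == MAX_ATTEMPTS:
            send_line("421 Too many failed logins, closing connection")
    except OSError:
        pass                              # reset or timeout: keep what was logged
    if attempts == 0:
        log("connect_without_login")      # the port-scan pattern
    return records

def serve(port=2121, logfile="mockftp.log"):  # assumed port and file name
    with socket.create_server(("", port)) as srv, open(logfile, "a", buffering=1) as out:
        while True:
            conn, (ip, _) = srv.accept()
            conn.settimeout(30)           # do not let one client hang the loop
            try:
                with conn, conn.makefile("rw", encoding="latin-1", newline="") as f:
                    send = lambda text: (f.write(text + "\r\n"), f.flush())
                    for rec in run_session(lambda: f.readline(512), send, ip):
                        out.write(json.dumps(rec) + "\n")
            except OSError:
                pass                      # closing a connection the peer already dropped
if __name__ == "__main__":
    serve()
```

A half-open SYN scan never completes the TCP handshake, so accept() never returns it and only the Wireshark capture will show it. A plain TCP socket does not expose the IP header, so the TTL has to come from a platform-specific mechanism or from the capture.
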
After the mockFTP program is written, you need to keep it up and running on a host machine for continuous periods of time ranging from 18 hours to any number of days if resources allow. Please collect traces from at least three different time periods (each with a minimum length of 18 hours) and for at least 72 hours in total. If you have adequate resources, you should run the mockFTP program continuously for 3 days, a week, or even longer without any interruption, in which case you don’t need to take separate measurements. However, if you choose to run the server for a long period of time, you should have a “check up” mechanism that periodically checks whether any activity occurred over the measurement period, so that you can discover any problem with the program if no activity is observed after a considerable amount of time.

In this experiment setup, you need to make sure that your host machine is “observable” to the Internet, i.e., any user on the Internet can “connect” to your mockFTP server from anywhere. One hint is that you need to configure port 21 to be forwarded to the monitoring host, which runs the mockFTP server, in your network. While your mockFTP server keeps its own logs of access activities, please run Wireshark (or Ethereal, or TCPDump) simultaneously during any of your experiment time periods. Therefore, in the end, you will have two sets of log files, one from your own mockFTP program and the other from Wireshark.

After the traces are collected, perform a trace analysis and hand in a Report that includes the following essential information:

- Describe the setup of your experiment testbed in detail, e.g., provide a simple graph illustrating the systems (e.g., residential Access Point, the monitoring host, etc.) used in the testbed and their physical relationships.
- Attach the mockFTP program that you wrote. It can be written in any programming language.
- Provide discussions about the time period(s) of your measurement, what you have observed from the gathered traces, etc. For example, the number of login attempts observed during a given time period, the location or domain of the source IPs of those logins, whether there are multiple attempts from the same source over time, etc.
- Please compare the logs from your program and those from Wireshark, and discuss any interesting observations. Please attach sample traces from both your log file and the corresponding pcap file to facilitate the discussion.

Other than the above essential items, please feel free to add any other discussion to your report. There is no page limit for the report. Please feel free to use any figures or tables.

Before you start coding, it will be helpful to review how FTP works and its common commands. When you finish coding the mockFTP server and are ready to put the server up and running, try to find ways to “advertise” the connection.

You may use any online resource for this project. However, when you do so, please put the corresponding reference in your report. Failure to include appropriate references will result in a significant grade deduction for your project or a more serious penalty.

To save time for the measurement, START working on the project NOW!
Please email any questions to: pji@gc.cuny.edu