VULNERABILITIES MEETING
January 22, 1999
11:00 – Noon
3085 ENG II

In attendance:
Matt Bishop (MB), Todd Heberlein (TH), Keith Herold (KH), and David O'Brien (DOB)



AGENDA:
Model of the Classification Scheme (handout)
DOVES Database
Isolated Network Group
Status of Various Projects
Vulnerabilities Analysis paper
Matt’s Class
NEXT WEEK:
Discuss/Review Matt's paper, "Vulnerabilities Analysis"
  1. Model of the Classification Scheme – Current Status
    1. MB - Paper, "Vulnerabilities Analysis" (handout), is in rough draft format in MS Word. The examples are vague, but Matt would like to firm up the paper, analyze the model, and add to it (break things down into characteristics)
  2. DOVES Database - Current Status
    1. There are 20 entries in SGML form that have been checked over. They include a short and long description and a test (repeat of long description or look at version number).
    2. Matt tried tinkering with the format, but is back to using the original format. There will be some formatting changes - JADE can't leave text alone; it justifies it. Matt needs to do a code block and then put a sanitized version on the DOVES web page. The sanitized versions will be double-checked, with the information on how to carry out the attacks pulled out.
    3. There have been problems doing style sheets for HTML - Netscape doesn't like style sheets and changes the font sizes.
  3. Isolated Network Group
    1. Ange McCleod is learning Microsoft Visual C++
    2. Matt is trying to get Ricardo Gomez to administer the NT machines.
    3. Brian Cameron likes doing the system administration on the UNIX machines
    4. Tom Tang is a student assistant interested in the firewall on the isolated network. He will see if he can break into the Linux TCP/IP layers once a firewall is created.
    5. TH: Are any machines available to hack on? MB: They are pretty much in use. There are 3 Sun and 3 NT boxes on the isolated network - HP boxes will be added when ports open up on the hub.
  4. Status of Various Projects
    1. DURIP
      1. Problems ordering the Dell Computers - held up in Purchasing for bids
      2. Grant expires at the end of February - Karl mentioned a no-cost extension
    2. Centrax
      1. Currently working with those machines
      2. Cisco router not received yet
      3. Work is going slowly - attack tools launched, methodology built
      4. Ricardo Gomez - learning about log files
      5. Currently not much interest in audit trails
        1. Chris Wee and Lynn Nakamura - audit trails - ask Chris to talk to the Isolated Network folks about raw audit trails
        2. www.ntinternals.com
      6. Shanker - EE student to test environment of Windows NT by taking a snapshot of the system, executing an attack, then taking a second snapshot of the system. He will be back in February.
    3. Intel
      1. Got three more machines
    4. Boeing
      1. DOB: Two machines from Boeing, one is running Gauntlet
      2. TH: Able to access DARPA's TIC? DOB: Boeing tore down their network to reconfigure the machines. Use Jeff Rowe as a contact regarding the VPN.
    5. Denial of Service Meetings
      1. Wednesdays 9-10am
      2. John Hughes has funding from NASA to do DoS in the infrastructure; RFCs, TCP - try out more interesting attacks than SYN Flooding
    6. Trident Systems
      1. MB: No funding currently. TH: A spin-off of Trident, L3 Security, includes Greg Adams and the vulnerabilities toolbox/risk analysis
  5. Vulnerabilities Analysis paper
    1. DOB: Creates rationale for a complexity measure in Section 4.2
  6. Matt's Class
    1. Students are doing penetration tests on Data General - strobe or nmap → hanging RPC
    2. Next project: describe and pseudocode an attack on Data General?
      1. TH: Include Solaris and NT Box? MB: Not currently, but a good idea.