The named program from BIND 4.9.6 was traced on
a UNM computer running a modified Linux 2.0.35 kernel
which allows us to collect system call traces.
These data were used in experiments
reported in the
Alternative Data Models paper.
Normal data were collected for one month. This produced a single
daemon trace with approximately 9 million system calls, and 26
subprocess traces (07/98). All are included in a single
gzipped file.
The exploit against the named program is a buffer overflow
allowing a remote user to gain root access through a
specially-formulated DNS query (see the CERT Advisory).
We have two sample traces of successful
intrusions. In the first,
the user gains root access and then types "id"; in the second, the
user gains root access but does nothing before exiting.
Use the linux 4.2 mapping file for these traces.