| Synthetic Sendmail |
| Synthetic ftp |
| Live lpr |
| xlock |
| Live named |
| Login and ps |
| Data Sets and Software |
General information
synthetic UNM lpr data
Synthetic data for lpr were collected at UNM on Sun SPARCstations running unpatched SunOS 4.1.4 with the included lpr. We used strace to collect the data. Experiments on this data are reported in our Journal of Computer Security paper.Use the original SunOS mapping file for these traces.
lprcp intrusion: The lprcp attack script uses lpr to replace the contents of an arbitrary file with those of another. This attack exploits the fact that older versions of lpr use only 1000 different names for printer queue files, and they do not remove the old queue files before reusing them. The attack produces 1001 traces. In the first trace, lpr places a symbolic link to the victim file in the queue. The middle traces advance lpr's counter, until on the last trace, the victim file can be overwritten with the attacker's own material. 8LGM Advisory: look for [8lgm]-advisory-3.unix.lpr.19-aug-1991.
 |
Computer Science
Department, Farris Engineering Building, University of New Mexico, Albuquerque, NM 87131 Phone: (505) 277-3112 Fax: (505) 277-6927 Email: forrest@cs.unm.edu |