Computer Immune Systems



Generation information

UNM live named data

The named program from BIND 4.9.6 was traced on a UNM computer running a modified Linux 2.0.35 kernel which allows us to collect system call traces. These data were used in experiments reported in the Alternative Data Models paper.

Normal data were collected for one month. This produced a single daemon trace with approximately 9 million system calls, and 26 subprocess traces (07/98). All are included in a single gzipped file.

The exploit against the named program is a buffer overflow allowing a remote user to gain root access through a specially-formulated DNS query.

CERT Advisory

We have two sample traces of successful intrusions. In the first, the user gains root access and then types "id"; in the second, the user gains root access but does nothing before exiting.

Use the linux 4.2 mapping file for these traces.

 
Computer Science Department, Farris Engineering Building,
University of New Mexico, Albuquerque, NM 87131
Phone: (505) 277-3112 Fax: (505) 277-6927
Email: forrest@cs.unm.edu