Computer Immune Systems
Data Sets
Synthetic Sendmail
Synthetic ftp
Live lpr
xlock
Live named
Login and ps
Data Sets and Software



General information

synthetic UNM lpr data

Synthetic data for lpr were collected at UNM on Sun SPARCstations running unpatched SunOS 4.1.4 with the included lpr. We used strace to collect the data. Experiments on this data are reported in our Journal of Computer Security paper.

Use the original SunOS mapping file for these traces.

normal data

lprcp intrusion: The lprcp attack script uses lpr to replace the contents of an arbitrary file with those of another. This attack exploits the fact that older versions of lpr use only 1000 different names for printer queue files, and they do not remove the old queue files before reusing them. The attack produces 1001 traces. In the first trace, lpr places a symbolic link to the victim file in the queue. The middle traces advance lpr's counter, until on the last trace, the victim file can be overwritten with the attacker's own material. 8LGM Advisory: look for [8lgm]-advisory-3.unix.lpr.19-aug-1991.

intrusion trace data

 
Computer Science Department, Farris Engineering Building,
University of New Mexico, Albuquerque, NM 87131
Phone: (505) 277-3112 Fax: (505) 277-6927
Email: forrest@cs.unm.edu