CS 725/825 Computer Networks, IT 725 Network Technology
Assignment 3

Due: Thursday, April 10, 2014, 8:10 am (start of the class)

Problems:

  1. (10 points) On occasions I start an Apache webserver on my laptop. Even though I don't keep it running for long, I see occasional attempted attacks in the log (access_log):

    200.53.59.194 - - [06/Jan/2014:10:39:26 -0500] "\x96\x89\xc3^\xba(=\xb4\xad\x11= \xe1\xeb\x8d\x9c" 400 226
70.199.0.151 - - [06/Jan/2014:13:10:59 -0500] "-" 408 -
213.74.103.2 - - [07/Jan/2014:09:05:02 -0500] "\x02f\xcb\x956\xfa$\xb1\x0e}\xc22j\xe0\x82;$\xc0\xe0{\xce?\xb0\xecw1\x8e\xee\xe2/i" 501 246
148.204.15.1 - - [07/Jan/2014:09:23:00 -0500] "-" 408 -
38.116.192.247 - - [15/Jan/2014:08:34:17 -0500] "\xe5\xcd\x0c\v\xb9\xa8\xcc\x90VQ|\xb4\x1d\xd7\xd2\xeb\xe2\xd7\x1a\x1df\xf7\x05}" 400 226
111.73.45.233 - - [15/Jan/2014:09:24:08 -0500] "GET http://www.daydaydata.com/proxy.txt HTTP/1.1" 404 207
59.61.216.53 - - [29/Jan/2014:16:24:47 -0500] "GET http://www.mit.edu/ HTTP/1.1" 200 44

    If you are not familiar with the Common Log Format (CLF), check the Wikipedia article on the subject. Answer the following questions:

    • Based on the IP addresses, where did the attacks come from?
    • What were the attackers trying to do?
    • How did the server handled the requests (look at the HTTP Status Code)?
  2. (5 points) Calculate MD5 and SHA-1 digest of a2.html, the HTML description of the previous assignment (download it from http://www.cs.unh.edu/~rbartos/class/cs725/ay/a2.html).
  3. (5 points) What are the first few bytes of the public key in the certificate used by https://www.google.com/? Who issued the certificate?
  4. (20 points) Learn how to use command line utilities curl or wget and outline an approach that can be used to fill web forms from a script. Come up with a simple demo.
  5. (20 points) Study trace cs725-s14-a3.pcap (CloudShark: https://www.cloudshark.org/captures/c3b3edaf6bdd) and answer the following questions. The trace captures the communication between a browser and a node.js-based implementation of the CS version of the programing part of this assignment.

    • Describe the activity that is captured by the trace.
    • What user activity triggered each of the HTTP requests?
    • What is the meaning "c07" right before the opening tag of the first document?
    • What does the "DNT: 1" line in the HTTP request mean?
  6. (30 points) In this question you are asked to implement a web-based prefix calculator similar in functionality to the one that you implemented for Assignment 1. Since this is not an exercise in web page development, the HTML for the solution is provided and should not be modified (IT students are asked to modify the JavaScript portion of the page). A static (the AJAX request in the page results in a fixed response regardless of its parameters) example of the page can be found here. The page served in the trace can be downloaded from http://www.cs.unh.edu/~rbartos/class/cs725/ay/a3/formnjs.html.

    7. CS Students: Write a node.js server that provides the functionality observed in the trace from the previous question. More specifically, the server should serve page formnjs.html, it should respond to the AJAX GET /prefcalc request from the page by returning JSON-encoded results of the prefix calculation, and it must return HTTP 404 Page Not Found status code for any other request. As with any servers, it is very likely that your implementation contains significant security holes that can be easily exploited. For that reason, do not leave your code running longer than it is necessary for testing. This is also the reason why the example page uses no active components on the server side. Include your code in the report together with a brief description of your approach. Create an archive with all the files required to run the server. Name the archive using the standard naming scheme (e.g., xyz123-a3.tgz) and submit it with your assignment.

    IT Students: Modify the HTML file so that the functionality is provided by a client-side script embedded in the page. For that you need to remove the AJAX call to the server and replace it with a JavaScript version of the code that you wrote for Assignment 1. Include the JavaScript from the page in the report together with a brief description of your approach. Name the file using the standard naming scheme (e.g., xyz123-a3.html) and submit it with your assignment.

    Other majors: you can pick either the CS or the IT option.

Submission instructions:

Follow the standard assignment submission instructions.