The format for this deliverable is not very important. Answer at least the questions posed below in the template. Keep the headings. The objective is to convince the reader that: (1) the attack is relevant; (2) the attack method is realistic and the attack can be completed within the constraints of the course. The more concrete your description is, the better these goals can be achieved. ----- begin attack plan template ----- Names: Group #: Target(s) of attack =================== - The object being attacked - protocol, implementation, product, network, ... * Example: Kerberos as implemented in Windows 2003. (Then go on to identify the particular Windows version etc. in more detail.) - The particular subsystem or feature being attacked * Example: Kerberos time stamp synchronization issues, in particular, we plan to attack features X, Y, and Z. (Then go on to give concrete references.) Method of attack ================ - Describe, shortly, what you plan to attack and what's the basic approach used in the attack * Example: Exploit vulnerabilities in Kerberos when hosts have unsynchronized clocks. Clock synchronization is disrupted by spoofing NTP packets. (Note that this example is completely fictional :-) - If the attack has been described elsewhere, give a reference. * Example: The basic attack is described in X. * Example: The basic vulnerability is described in X, but we'll devise a new attack on the vulnerability. * Example: We're looking for a new vulnerability. Environment of attack ===================== - Describe where you plan to carry out your attack * Example: home network * Example: network at work - Describe how you plan to contain the effects of your attack. * Example: isolated network ----- end attack plan template -----