
Attached the rubric and book pdf below

Intrusion Detection and Incident Response
Cuckoo’s Egg Analysis

GOAL: Read Cliff Stoll’s book, Cuckoo’s Egg (any edition), and write a 7 to 10 page paper on
the intrusion detection and incident response techniques used in the book. Identify proper
techniques (what will you use as your reference or base framework?) used and those that did not
work. This is not a book report—I know the story—it is an analysis.


GRADING: This project is worth 100 points. The grade will come from your paper only.
Papers that clearly describe the techniques and provide an analysis of how the techniques led to
the capture of the hacker will be graded higher. Papers that are well formatted, properly
referenced, and cohesive will score higher. Writing a book report with little to no analysis will
score much lower.


COLLABORATION POLICY: No collaboration allowed—individual effort only. The work
on the paper will be an individual effort only.


TURN-IN REQUIREMENT: Papers will be 7 to 10 single spaced pages in length, font Times
New Roman or Calibri, size 12. The title page should clearly state the title of your paper and will
include your name. The title page does not count as one of the pages for the report. The
bibliography will not count as one of the pages required for turn in. All references will be
properly cited—you should have more than one. I recommend using inline references in your
paper. More references integrated into your paper tells me you did better research and analysis.
Submit your paper on Blackboard in PDF format with the file naming convention
lastname_abc123_3523_ Cuckoo_Analysis.


LATE SUBMISSIONS: There will be a 25% penalty for each day that the paper is late without
prior coordination with me. This means that the best you can do is 75% of the total points
possible if you are one day late, 50% if two, and so forth.


THE CUCKOO'S EGG
by
Cliff Stoll
Acknowledgments
HOW DO YOU SPREAD THE WORD WHEN A COMPUTER HAS A SECURITY HOLE? SOME SAY
nothing, fearing that telling people how to mix explosives will encourage them to
make bombs. In this book I've explicitly described some of these security problems,
realizing that people in black hats are already aware of them.
I've tried to reconstruct this incident as I experienced it. My main sources
are my logbooks and diaries, cross-checked by contacting others involved in this
affair and comparing reports from others. A few people appear under aliases,
several phone numbers are changed, and some conversations have been recounted from
memory, but there's no fictionalizing.
For supporting me throughout the investigation and writing, thanks to my
friends, colleagues, and family. Regina Wiggen has been my editorial mainstay;
thanks also to Jochen Sperber, Jon Rochlis, Dean Chacon, Winona Smith, Stephan
Stoll, Dan Sack, Donald Alvarez, Laurie McPherson, Rich Muller, Gene Spafford, Andy
Goldstein, and Guy Consolmagno. Thanks also to Bill Stott, for Write to the Point,
a book that changed my way of writing.
I posted a notice to several computer networks, asking for title suggestions.
Several hundred people from around the world replied with zany ideas. My thanks to
Karen Anderson in San Francisco and Nigel Roberts in Munich for the title and
subtitle.
Doubleday's editors, David Gernert and Scott Ferguson, have helped me
throughout. It's been fun to work with the kind people at Pocket Books, including
Bill Grose, Dudley Frasier, and Gertie the Kangaroo, who's pictured on the cover of
this book. To them, as well as my agent, John Brockman, thanks for your continued
encouragement and wise advice.
To each of these people, I'm indebted; I owe most of them boxes of cookies as
well.
Lawrence Berkeley Laboratory supported me throughout this quest; the people of
Smithsonian Astrophysical Observatory—especially Joe Schwarz and Steve Murray—
have been most gracious and supportive while I've been writing this book. My deep
thanks go to my friends at both institutes, and my hopes that I'll now be able to
return to astronomy.
I was ten years old when Ernst Both of the Buffalo Museum of Science invited me
to look through a telescope, opening up a universe of astronomy. I wonder if I'll
ever be able to thank him properly.
I needn't thank my sweetheart and wife, Martha Matthews. She's been as much a
part of writing this book as she was in the story.

—Cliff Stoll
Electronic mail addresses:
Internet: XXXXXXXXXX
CompuServe: 71660,3013
Genie: Cliff-Stoll
AOL: cliffstoll


1
ME, A WIZARD? UNTIL A WEEK AGO, I WAS AN ASTRONOMER, CONTENTEDLY DESIGNING
telescope optics. Looking back on it, I'd lived in an academic dreamland. All these
years, never planning for the future, right up to the day my grant money ran out.
Lucky for me that my laboratory recycled used astronomers. Instead of standing
in the unemployment line, I found myself transferred from the Keck Observatory at
the Lawrence Berkeley Lab, down to the computer center in the basement of the same
building.
Well, hell, I could fake enough computing to impress astronomers, and maybe
pick it up fast enough that my co-workers wouldn't catch on. Still, a computer
wizard? Not me—I'm an astronomer.
Now what? As I apathetically stared at my computer terminal, I still thought of
planetary orbits and astrophysics. As new kid on the block, I had my choice of a
cubicle with a window facing the Golden Gate Bridge, or an unventilated office with
a wall of bookshelves. Swallowing my claustrophobia, I picked the office, hoping
that nobody would notice when I slept under the desk. On either side were offices
of two systems people, Wayne Graves and Dave Cleveland, the old hands of the
system. I soon got to know my neighbors through their bickering.
Viewing everyone as incompetent or lazy, Wayne was crossthreaded with the rest
of the staff. Yet he knew the system thoroughly, from the disk driver software up
to the microwave antennas. Wayne was weaned on Digital Equipment Corporation's Vax
computers and would tolerate nothing less: not IBM, not Unix, not Macintoshes.
Dave Cleveland, our serene Unix buddha, patiently listened to Wayne's running
stream of computer comparisons. A rare meeting didn't have Wayne's pitch, "Vaxes
are the choice of scientists everywhere and help build strong programs twelve
ways." Dave retorted, "Look, you keep your Vax addicts happy and I'll handle the
rest of the world."
Dave never gave him the satisfaction of getting riled, and Wayne's complaints
eventually trailed off to a mutter.
Great. First day on the job, sandwiched between two characters who were already
ruining my daydreams with their periodic disputes.
At least nobody could complain about my appearance. I wore the standard
Berkeley corporate uniform: grubby shirt, faded jeans, long hair, and cheap
sneakers. Managers occasionally wore ties, but productivity went down on the days
they did.
Together, Wayne, Dave, and I were to run the computers as a lab-wide utility.
We managed a dozen mainframe computers—giant workhorses for solving physics
problems, together worth around six million dollars. The scientists using the
computers were supposed to see a simple, powerful computing system, as reliable as
the electric company. This meant keeping the machines running full time, around the
clock. And just like the electric company, we charged for every cycle of computing
that was used.
Of four thousand laboratory employees, perhaps a quarter used the main
computers. Each of these one thousand accounts was tallied daily, and ledgers kept
inside the computer. With an hour of computing costing three hundred dollars, our
bookkeeping had to be accurate, so we kept track of every page printed, every block
of disk space, and every minute of processor time. A separate computer gathered
these statistics and sent monthly bills to laboratory departments.
And so it happened that on my second day at work, Dave wandered into my office,
mumbling about a hiccup in the Unix accounting system. Someone must have used a few
seconds of computing time without paying for it. The computer's books didn't quite
balance; last month's bills of $2,387 showed a 75-cent shortfall.
Now, an error of a few thousand dollars is obvious and isn't hard to find. But
errors in the pennies column arise from deeply buried problems, so finding these
bugs is a natural test for a budding software wizard. Dave said that I ought to
think about it.
"First-degree robbery, huh?" I responded.
"Figure it out, Cliff, and you'll amaze everyone," Dave said.
Well, this seemed
like a fun toy, so I dug into the accounting program. I discovered our accounting
software to be a patchwork of programs written by long-departed summer students.
Somehow, the hodgepodge worked well enough to be ignored. Looking at the mixture of
programs, I found the software in Assembler, Fortran, and Cobol, the most ancient
of computer languages. Might as well have been classical Greek, Latin, and
Sanskrit.
As with most home-brew software, nobody had bothered to document our accounting
system. Only a fool would poke around such a labyrinth without a map.
Still, here was a plaything for the afternoon and a chance to explore the
system. Dave showed me how the system recorded each time someone connected to the
computer, logging the user's name, and terminal. It timestamped each connection,
recording which tasks the user executed, how many seconds of processor time he
used, and when he disconnected.
Dave explained that we had two independent accounting systems. The ordinary
Unix accounting software just stored the timestamped records into a file. But to
satisfy some bureaucrat, Dave had built a second accounting system which kept more
detailed records of who was using the computer.
Over the years, a succession of bored summer students had written programs to
analyze all this accounting information. One program collected the data and stashed
it into a file. A second program read that file and figured how much to charge for
that session. Yet a third program collected all these charges and printed out bills
to be mailed to each department. The last program added up all user charges and
compared that total to the result from the computer's internal accounting program.
Two accounting files, kept in parallel by different programs, ought to give the
same answer.
For a year, these programs had run without a glitch, but weren't quite perfect
this week. The obvious suspect was round-off error. Probably each accounting entry
was correct, but when added together, tenths of a penny differences built up until
an error of 75 cents accumulated. I ought to be able to prove this either by
analyzing how the programs worked, or by testing them with different data.
Rather than trying to understand the code for each program, I wrote a short
program to verify the data files. In a few minutes, I had checked the first
program: indeed, it properly collected the accounting data. No problem with the
first.
The second program took me longer to figure out. In an hour I had slapped
together enough makeshift code to prove that it actually worked. It just added up
time intervals, then multiplied by how much we charge for computer time. So the
75-cent error didn't come from this program.
And the third program worked perfectly. It looked at a list of authorized
users, found their laboratory accounts, and then printed out a bill. Round-off
error? No, all of the programs kept track of money down to the hundredths of a
penny. Strange. Where's this 75-cent error coming from?
Well, I'd invested a couple hours in trying to understand a trivial problem. I
got stubborn: dammit, I'd stay there till midnight, if I had to.
Several test programs later, I began actually to have confidence in the
mishmash of locally built accounting programs. No question that the accounts didn't
balance, but the programs, though not bulletproof, weren't dropping pennies. By
now, I'd found the lists of authorized users, and figured out how the programs used
the data
Answered 5 days After Sep 15, 2023

Solution

Bidusha answered on Sep 19 2023
17 Votes
Last Name:    1
Name:
Professor:
Course:
Date:
Title: Intrusion Detection and Incident Response Techniques in Clifford Stoll’s Book, Cuckoo’s Egg
Contents
Introduction
Step-by-Step Intrusion Detection Techniques Applied by Cliff Stoll
Detection is the First response.
Notification to a Third Party about the Attack
Cliff plans to foster a terminal that blares when an interloper has a go at logging quickly into the system.
Engagement of the Organization group in following the Seventek line Association
To assist with following him, Cliff gets new gear
Cliff carries Tymnet's skill to follow Seventek's line
Cliff Gets a Warrant
Cliff's Trick to draw Hacker into the system
Cliff's Techniques That Did Not Work
1. Investigating as opposed to forestalling vulnerabilities
2. He took on a manual intrusion detection approach.
3. Reaching the authorities
Lessons learned from this book
Conclusion
Work Cited
Introduction
Dissecting a security ecosystem to recognize possibly hurtful ways of behaving that could hurt the organization is known as interruption detection (Jose et al., 5). When a peril is distinguished, specialists should recommend moderation estimates that ought to be taken to stop the danger before it might harm any current weaknesses. A compromised system causes some major problems for the two people and organizations. Furthermore, by far most organizations that defend their information will involve smart faculty and state-of-the-art innovation that fills in as a defence obstruction, forestalling anyone hoping to bring on some issues. Security, in any case, is a proceeding with exertion, and neither an individual nor an association can be guaranteed safety. The purpose of this study is to analyze the occurrence reaction and interruption detection systems utilized in Cuckoo's Egg (Stoll).
How individuals respond to a circumstance is critical for perceiving and forestalling chances. To keep unfriendly people from having sufficient opportunity to get to basic data inside the firm, security projects ought to have the option to distinguish issues instantly and successfully (Jose et al., 7). Because of early ID, the association's guarded program can handle most of the dangers. The defence projects ought to likewise have the option to counter the dangers (Stoll). The perils are viewed too known risks. Obscure dangers do exist, however, and individuals and associations work to recognize them. It demonstrates that individuals and associations have never run into them. Often, shrewd individuals utilize state-of-the-art procedures. Since perceived dangers periodically figure out how to sidestep even the best defensive measures, most safety organizations regularly filter for both known and unidentified dangers.
Clifford Stoll's book, Cuckoo's Egg, portrayed his affection and devotion for his work as well as the consistent determination of his business and exercises. Because of the way that Cliff Stoll's book Cuckoo's Egg refers to detection, interruption, and interruption strategies and methods, this study will zero in on those. The paper will likewise investigate Cliff-explicit techniques and procedures that weren't fruitful. Even though the book was made or rather created in 1986 when systems were barely at any point referenced regarding organizations, it looks at PC security issues, in particular modern espionage and hacking.
Cliff Stoll never professed to be a PC virtuoso; all things considered, he devoted his time planning telescope focal points for use by stargazers. After utilizing all of his award subsidizing, he was momentarily without exercises and satisfactory future thoughts and a technique. He was adequately lucky to assume the job and position of Systems Manager at the highest point of Berkeley, California-based Lawrence Berkeley Lab. From his earlier capacities and PC programming experience, he offered a switch to begin the position. In a brief moment, his partner saw a bookkeeping distinction of $75,000 on the documents containing thoughts and data on the productive utilization of PC assets under his a very long time at the laboratory. Nonetheless, this mysterious client didn't utilize the $75 worth of PC time. Cliff had an issue since the client had likewise decided to erase 75 cents from one of the records (Stoll). To show how Cliff Stoll is up to speed? The aggregate sums in the two duplicates of the bookkeeping desk work were off by 75 cents.
Every one of them transformed into the tusk of an individual username "Hunter." Cliff had the option to eliminate the client from the system, yet Hunter had the option to use the recently made record to make another system record and sign in. Albeit the hacker could procure a couple of dollars from different responsibility issues. The hacker from Lawrence Berkeley's lab gave everybody shudders for two primary reasons. The hacker currently approached the organization's email because of this activity. One of the messages came from a given individual of the worker's login data so they could get to the system during the holiday. At the point when the hacker was doing this, Cliff claims in the book, it was moreover direct for the customers.
Step-by-Step Intrusion Detection Techniques Applied by Cliff Stoll
Detection is the First response.
Guaranteeing appropriate gadget security is the initial stage in the distinguishing system. This stage said that the head ought to first check the organization and the plan for abnormalities or interruptions in typical system activities once the system's well-being necessities have been fulfilled. As per Cliff, or as his buddies would constantly consider him, it all started with $75 in bookkeeping blunders and issues that were intended to be seen by his boss Dave Cleveland. The client was liable for the bookkeeping issue because the hacker was getting to the system utilizing the hunter (Bejtlich 13). Stoll vowed to erase the record in return for the criticism to keep the client from getting to the system and data.
Notification to a Third Party about the Attack
After the Hunter account was erased, Steve saw a third-party message demonstrating somebody had endeavoured to sign in. The NSA proprietor cautioned it, noticing that an individual from LBNL was attempting to get into the dockmaster. Stoll was then educated regarding the issue and recognized the "Seventek" client as the one endeavouring to get to the dockmaster. Seventek was a talented software engineer who had recently made various papers and projects for Berkeley laboratories' UNIX system.
Cliff plans to foster a terminal that blares when an interloper has a go at logging quickly into the system.
Cliff, who never surrenders, settled on the choice to break into and monitor the organization's activities. To achieve this, he decided to interface various PCs to a phase that was...