9 Extra Credit

Our intent in suggesting extra credit items is to give interested students the opportunity to explore additional topics that we do not have time to cover in class. The primary reward for working on the suggested items is the additional experience and knowledge that they give you, not extra credit points. Extra credit will be granted at the discretion of the teaching staff.

For each suggestion, we list a rough estimate of the number of points you can receive. If you have more specific expectations about the extra credit you will receive, you should consult your TAs beforehand to avoid any disappointment.

If you work on the suggested topics below, please include in your project submission a file called extra.txt, describing what you have done.

Access Control, 3 points

Section 7 of the RFC suggests performing a reverse DNS lookup, along with a forward DNS lookup, to validate connection requests. This is actually one of the features provided by TCP wrappers. Look up the documentation on TCP wrappers, explain what it does and what kinds of attacks it addresses, and incorporate TCP wrappers in your server.

Buffer Overflow Exploits, 6 points

(3 points for implementation, 3 points for test cases.) One of the most common vulnerabilities in server software results from their handling of input that is longer than expected. Attack tools that take advantage of these vulnerabilities are called buffer overflow exploits. Investigate one of the proposed solutions to buffer overflow problems (such as libsafe). Explain what it does, what kinds of attacks it does (and does not) address, and incorporate it into your server. Include some test cases that attempt to exploit buffer overflows.

Denial of Service, 6 points

(3 points for implementation, 3 points for evaluation.) Section 8.10 of the RFC provides some suggestions for dealing with malicious clients that attempt to make the IRC service useless by flooding the network. Implement the suggestion, and experimentally evaluate its effectiveness. Report your experimental findings. Propose any other solutions to the problem that you think of.

Scalability, 3 points

Section 9 of the RFC notes that one of the current problems with the IRC protocol is scalability. Suggest how the protocol might be changed to improve scalability. You may get some ideas from looking at the design of IP multicast. (Or maybe not!)

Your Own Idea

We welcome your suggestions for other interesting extensions to the project.