ECE4112 Internetwork Security
Lab 12: Internet Information Services (IIS)

Group Number: _________
Member Names: ___________________ _______________________
Lab Authors: Scott McCans, Peter Mehravari
Date Assigned: ???????
Date Due: ????????
Last Edited: ????????

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due.

Goal:
The goal of this lab is to introduce the Windows-based platform Internet Information Services (IIS) as a viable web server. In particular, emphasis will be placed on getting to know the vulnerabilities of the application as well as how to protect the server against black hat attacks.

Summary:
This lab consists of two main sections plus a section dedicated to setup and one to further research. The two major experimental sections deal with IIS versions 5.0 and 5.1. For both of these versions, exploits will be presented and explained, and information on how to harden both of these web servers to prevent the vulnerabilities will be discussed.

Background and Theory:
Read “Hacking Exposed”, Web Server Hacking, pp. 536-561
Read Wikipedia’s entry on IIS (see Reference [1])
Read about ASP and the role of the global.asa file (see Reference [2])

Prelab Questions:
PLQ1. Give a summary of all the versions of IIS and what operating system they run on.
PLQ2. What is the role of the global.asa file in ASP?

Equipment:
This lab requires the use of four machines on the same network:
1. RedHat 4.0 WS Host Machine
2. Windows XP Virtual Machine
3. Preconfigured Win2kServer Virtual Machine
4. Preconfigured Win2k3Server Virtual Machine

Equipment needed:
1. Windows XP Professional CD

Section 1: Setup

1.1 Setting up the IIS server on the Windows XP Virtual Machine
1. Put the Windows XP CD in the drive.
If the CD isn’t recognized by the virtual machine, right click on the CD drive with the red X over it (located at the bottom right of the VMware window) and click Enable.
2. Go to the Control Panel. Click on Add/Remove Programs.
3. Click on the Add/Remove Windows Components button on the left side of the window.
4. Put a check in the box next to “Internet Information Services (IIS)” and click Next. Let IIS install.
5. When it’s done installing, restart Windows.
6. After Windows reboots, try to access the web server from Red Hat WS 4.0. Open a web browser and try to connect to the address http://<Windows XP IP address>. If IIS is properly running you should get a page saying the site is under construction.

1.2 Setting up the IIS Win2k and Win2k3 Server Virtual Machines
Copies of the virtual machines, created by the TAs, are available on the NAS server. You will be creating virtual machines out of them. Copy the files called Win2k.zip and Win2k3.zip from the NAS server to your Red Hat 4.0 WS root directory. Unzip these files using the unzip command into your /root/vmware/ folder. See Appendix A for instructions on how to install these images in VMware if you have forgotten.

When creating the virtual machine, you may be prompted about upgrading. If so, click on the Upgrade button.

Configure the IP addresses as follows:
WinXP = 56.35.6.(x+2)
Win2kServer = 56.35.6.(x+3)
Win2k3Server = 56.35.6.(x+4)
See Appendix B for configuring Windows machine IP addresses.

Section 2: IIS 5.0
Power on the Win2kServer virtual machine, which was installed in the previous section. This section of the lab deals exclusively with this virtual machine. The login is “Administrator” and the password is “pass” for this virtual machine.

2.1 IISHACK2000
http://downloads.securityfocus.com/vulnerabilities/exploits/iishack2000.c
This exploit takes advantage of a printer buffer overflow on the Windows 2000 version of IIS. The result of running this overflow is a file created on the C: drive.
Copy the file iishack2000.c from the NAS to a location on your Red Hat 4.0 WS local machine. Using the terminal window, locate the file. Compile and run the .c code using the following commands:
gcc iishack2000.c -o iishack
./iishack 57.35.6.(x+3) 80 0
Look in the C: directory of the Win2kServer machine and observe its contents.
Q2.1.1. What new file is now located in the Win2kServer’s C: folder?
Screenshot #1: Take a screenshot of the C: drive showing the added file.
Look at the actual code implemented by iishack2000. This program has the ability to take in any shellcode and run it using a buffer overflow. The file created is just a default file which is used to prove the exploit works.
Q2.1.2. What sort of files would be more useful to a hacker to use along with this exploit instead of the default file?
Q2.1.3. Look at the text output after the program is run. What does this suggest to you might be ways of preventing this exploit from affecting your server?

2.2 Double Decode Directory Traversal Attacks
http://www.unleashedportal.com/Article1033.html
Exploits do not always need a specific tool or code file; in this case all an attacker needs is a web browser. Open Ethereal in Red Hat 4.0 WS and start capturing packets. Open the Firefox web browser on the Red Hat 4.0 WS host machine and enter the following in the address line:
http://57.35.6.x+3/Scripts/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
If a save file prompt appears, click Cancel. Stop Ethereal and follow the TCP stream to find the commands sent and the response given.
Screenshot #2: Take a screenshot of the TCP stream showing the contents of the C: drive.
The exploit works because the “Scripts” directory on the web server has execute permissions. The “..%%35%63” tells the server to move up a folder: the server decodes “%%35%63” once to “%5c” and then a second time to “\”, so each “..%%35%63” becomes “..\”. In this example it goes up four directories and ends up in C:\.
The “winnt/system32/cmd.exe” part of the URL tells the server to run that program, which is the Windows shell program. Everything after the “?/c+” is what is run by cmd.exe. In this case the command “dir c:\” is run, which is why we see the listing of the C:\ directory in the Ethereal capture.
Q2.2.1. Using the method described above, how would you go about deleting a file, test.txt, located in the C:\ directory? Make a test.txt file on the Win2kServer virtual machine and test it out.
Now we want to run something other than “cmd.exe.” As a blackhat, one might want to run such programs as rootkits, Trojans, or viruses. However, for simplicity we will try to run Notepad. Locate the Notepad program and use the above techniques to run it.
Q2.2.2. What would the URL be to run this application?
Screenshot #3: Take a screenshot of the Win2kServer Task Manager showing NOTEPAD.exe running.

2.3 IIS 5.0 Search Buffer Overflow
http://www.securiteam.com/windowsntfocus/5JP0C203PQ.html
The most important aspect of a web server is for it to be up and running at all times. If attackers want to inflict the most damage on a web server, they can mount a denial of service attack. In this exercise we will be running such an attack and seeing how it affects the server’s operation. Once the symptoms of an attack are known, administrators can keep a watchful eye out for these attacks and hopefully prevent future ones.
Copy the iis50dos.pl file to your root directory on your Red Hat 4.0 WS machine. From that directory run the following command:
perl iis50dos.pl 57.35.6.x+3 80
You will notice that nothing substantial occurs. Now open the Task Manager on the Win2kServer virtual machine and find the process called “inetinfo.exe.” This is the IIS process. Bring up the Red Hat 4.0 WS terminal where you just executed the exploit so that you can also see the Task Manager.
As you execute the code again, watch what happens to “inetinfo.exe,” and also look at the total CPU usage at the bottom of the Task Manager window.
Q2.3.1. Describe what happens to the server when the DoS exploit is run.
Now we would like to actually see what is going on. Click on the Start menu on the Win2kServer -> Select Programs -> Select Administrative Tools -> Select Event Viewer. Select the System log from the list on the left side. Double click on one of the errors that were caused by the exploit.
Screenshot #4: Take a screenshot of one of the event logs in Event Viewer created by the exploit.

2.4 IIS Lockdown
http://www.microsoft.com/technet/security/tools/locktool.mspx
Note: Be sure to complete the previous sections before installing IIS Lockdown. It makes some changes that aren’t easily reversed, which may interfere with the exploits used.
Copy the file “iislockdown.exe” to the Win2kServer virtual machine.
Run the executable.
Click Next, then Next again to accept the agreement.
Select “Static Web server” from the list of server templates, then click Next.
Click Next, then Next again.
After installation finishes, click Next, then click Finish.
Now that the lockdown hardening tool has been installed, we will try some of the exploits we used in the previous sections. Open up a browser on the host machine and enter the URL you used to look at the contents of the C: drive:
http://57.35.6.x+3/Scripts/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
Q2.4.1. Are you able to see the Win2kServer’s C: directory?
Now try to run the denial of service attack from the last section again.
Q2.4.2. Does the exploit still work?
To further understand how the lockdown program makes IIS more secure, look over the program’s website at http://www.microsoft.com/technet/security/tools/locktool.mspx and any other websites you can find.
Q2.4.3. How does IIS Lockdown prevent exploits such as the ones used in this lab?
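The double-decode traversal from Section 2.2 is worth being able to spot in a server's own request logs as well as in a packet capture. The Python detector below is an added example, not part of the original lab and not IIS or IIS Lockdown code: it percent-decodes each requested path until it stops changing, treats backslashes as separators the way the Windows file system does, and reports paths that only escape the web root after a second decode. The log lines are constructed for the example, in the style of a W3C extended log.

```python
"""Detect plain, encoded and double-decoded directory traversal in request paths."""
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 4  # real traversals need one or two rounds; cap the loop anyway


def fully_decode(text: str, max_rounds: int = MAX_DECODE_ROUNDS) -> tuple:
    """Percent-decode until the text stops changing; return (decoded, rounds).

    The lab's "..%%35%63" needs two rounds: "%%35%63" -> "%5c" -> "\\".
    """
    current = text
    for rounds in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return current, rounds
        current = decoded
    return current, max_rounds


def escapes_root(path: str) -> bool:
    """True if any prefix of the path climbs above the virtual root.

    Backslashes count as separators because Windows (and so IIS) accepts them;
    that is exactly what the %5c trick relies on.
    """
    depth = 0
    for segment in path.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def verdict(uri: str) -> str:
    """Classify a request URI; the query string is ignored."""
    path = uri.split("?", 1)[0]
    decoded_once = unquote(path)
    decoded_fully, _ = fully_decode(path)
    if escapes_root(path):
        return "plain traversal"
    if escapes_root(decoded_once):
        return "encoded traversal"
    if escapes_root(decoded_fully):
        # A checker that decodes only once before its security check (the flaw
        # behind this lab's exploit) would have judged this path safe.
        return "double-decode traversal"
    return "ok"


# Constructed sample lines in the style of a W3C extended log
# (date time c-ip cs-method cs-uri-stem cs-uri-query sc-status); not real captures.
SAMPLE_LOG = """\
2006-03-01 10:15:02 57.35.6.9 GET /iisstart.asp - 200
2006-03-01 10:15:40 57.35.6.9 GET /Scripts/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe /c+dir+c:\\ 200
2006-03-01 10:16:11 57.35.6.9 GET /Scripts/..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\\ 404
2006-03-01 10:17:05 57.35.6.9 GET /images/../index.html - 200
"""


def scan_log(text: str) -> list:
    """Return (uri_stem, verdict) for every line whose path leaves the root."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        stem = fields[4]
        result = verdict(stem)
        if result != "ok":
            hits.append((stem, result))
    return hits


if __name__ == "__main__":
    for stem, result in scan_log(SAMPLE_LOG):
        print(f"{result:24s} {stem}")
```

Note that the "/images/../index.html" line is reported as clean: it steps up and back down inside the root, which is why the check counts depth instead of just searching for "..".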
Section 3: IIS 5.1
This section deals primarily with the WinXP machine. Make sure that this virtual machine is the only one running. We will also be using the Red Hat 4.0 WS machine to access data on the XP server.
Even though IIS is always running in the background, we would like to actually see what is going on in order to understand its functionality better. To access the IIS program: Click on the Start menu -> Click on Control Panel -> Click on Administrative Tools -> Click on Internet Information Services. This should bring up the IIS screen. Now that you can see the interface, open up all the folders in the default website to better see what is being kept on the server.

3.1 Malformed URL
http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
From your Red Hat WS 4.0 machine open a web browser and load the following address:
http://<Windows XP IP address>/_vti_bin/.dll/*\~0
You should get a page that says “The filename, directory name, or volume label syntax is incorrect”. Hold Ctrl and click the refresh button. The page will stay the same. Keep clicking on the refresh button.
Q3.1.1. How many times did you need to load the page before something different happened?
Look at the Windows XP virtual machine. You should have a message indicating that “Internet Information Services has encountered a problem.” The reason it takes four refreshes to crash the server is that the request accesses a counter in the inetinfo.exe process. This counter decrements each time the refresh button is pressed. Once it has counted down to zero (0x0), ntdll.dll is not able to properly read this value and reacts by crashing the entire IIS server. [7]
Screenshot #5: Take a screenshot of the error message that occurs when IIS crashes on the WinXP virtual machine.
Examine the address typed into the host’s web browser. You will notice that it tries to access the _vti_bin folder, which is one of the default folders IIS makes.
Try to use some of the other default folders instead of _vti_bin.
Q3.1.2. Does accessing these other folders also cause the server to crash?
You can take a closer look at the properties of these folders in the IIS manager running on the Windows XP virtual machine by right clicking on them and selecting “Properties.” In particular, take a look at the Application Settings of the folders.
Q3.1.3. What makes the _vti_bin folder different from the other default folders?
Since you have found why the _vti_bin folder is vulnerable to malformed URL attacks, can you find a way to make it secure? (Hint: it has something to do with what makes it different from the other folders.) Once you have fixed the vulnerability, try once again by running the original exploit.
Q3.1.4. Does the exploit still make the server crash?
Screenshot #6: Take a screenshot of the host machine’s webpage after the exploit was run against the secured web server.
Before moving on to the next section, reset all changes made in order to secure the server. Test the exploit to ensure IIS is now vulnerable again.

3.2 URL Scan
http://www.microsoft.com/technet/security/tools/urlscan.mspx
Copy “urlscanSetup.exe” from the NAS to the WinXP virtual machine. Run the program. Click “Yes” to accept the license -> Click OK when it finishes installing.
Retry the exploit in the previous section by entering “http://<Windows XP IP address>/_vti_bin/.dll/*\~0” in the Red Hat 4.0 WS machine’s web browser.
Q3.2.1. Does the exploit now make the server crash after URL Scan has been installed?
URL Scan works by checking all incoming requests to the server for certain “catch phrases.” These catch phrases cover mostly commonly known exploits, but the tool allows administrators to actively add suspicious text as new vulnerabilities come to light.
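To make the “catch phrase” idea concrete, the Python model below is an added example, not URL Scan's code and not part of the original handout: it reads a constructed urlscan.ini-style fragment (the [options], [AllowVerbs], [DenyExtensions] and [DenyUrlSequences] sections you will find in the real file) and decides whether a request is rejected, including the effect of commenting out .asp as this section later asks you to do. The sample entries and the VerifyNormalization option are assumptions about a representative file; check them against the copy on the WinXP machine.

```python
from urllib.parse import unquote

# Constructed urlscan.ini-style fragment: section and option names follow the
# layout of the real file; the entries are a representative subset chosen for
# this example, not a copy of Microsoft's defaults. "\\" below is one backslash.
SAMPLE_INI = """\
[options]
UseAllowVerbs=1
UseAllowExtensions=0
NormalizeUrlBeforeScan=1
VerifyNormalization=1

[AllowVerbs]
GET
HEAD
POST

[DenyExtensions]
; Deny executables and ISAPI DLLs that could run as server-side processes
.exe
.dll
; Deny ASP requests
.asp
.asa

[DenyUrlSequences]
..
./
\\
:
%
&
"""

def parse_ini(text: str) -> dict:
    """'[section]' headers, ';' comments, one entry per line ([options]: Key=Value)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def option(cfg: dict, key: str, default: str = "0") -> str:
    """Look up Key=Value in [options], case-insensitively."""
    for entry in cfg.get("options", []):
        name, _, value = entry.partition("=")
        if name.strip().lower() == key.lower():
            return value.strip()
    return default

def first_extension(path: str) -> str:
    """FIRST recognisable extension wins: '/abc.dll/foo.bar.htm' is '.dll';
    an extensionless URL reports '.', the urlscan.ini way of listing them."""
    for segment in path.split("/"):
        if "." in segment:
            return "." + segment.rsplit(".", 1)[1].lower()
    return "."

def check_request(cfg: dict, method: str, url: str) -> tuple:
    """Return (allowed, reason) for one request's method and URL."""
    verbs = [v.upper() for v in cfg.get("allowverbs", [])]
    if option(cfg, "UseAllowVerbs") == "1" and method.upper() not in verbs:
        return False, f"verb {method} not in [AllowVerbs]"
    scanned = unquote(url) if option(cfg, "NormalizeUrlBeforeScan") == "1" else url
    # A URL that still changes under a second decode is the signature of the
    # double-decode trick; VerifyNormalization rejects it outright.
    if option(cfg, "VerifyNormalization") == "1" and unquote(scanned) != scanned:
        return False, "URL changes under a second normalization"
    for seq in cfg.get("denyurlsequences", []):
        if seq in scanned:
            return False, f"sequence {seq!r} in URL"
    ext = first_extension(scanned.split("?", 1)[0])
    if option(cfg, "UseAllowExtensions") == "1":
        if ext not in [e.lower() for e in cfg.get("allowextensions", [])]:
            return False, f"extension {ext} not in [AllowExtensions]"
    elif ext in [e.lower() for e in cfg.get("denyextensions", [])]:
        return False, f"extension {ext} in [DenyExtensions]"
    return True, "allowed"

# Commenting out .asp, as the lab does, lets iisstart.asp through while every
# other rule stays in force.
ASP_ALLOWED_INI = SAMPLE_INI.replace("\n.asp\n", "\n;.asp\n")
```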
Some of the phrases URL Scan looks for are as follows and can be found on Microsoft’s website dealing with URL Scan Version 2.0 [9]:
reject requests in the form of "/abc.dll/foo.bar.htm"
look for the first recognizable extension in the string (.exe, .dll, .com)
log output for URLs changed to be pre-pended with the instance ID of the site
[AllowExtensions] and [DenyExtensions] now support the administrator entering "." as an extension to give them a way to include extensionless URLs
administrator can specify a URL to return to the client in the case of a rejected request
By looking out for these extensions and dealing with them appropriately, administrators of web servers will be able to protect themselves from the initial vulnerabilities that came with the application.
To take a further look into how the actual code works, open the URL Scan configuration file located in c:\WINDOWS\system32\inetserv\urlscan\. Open the file called urlscan.ini. Look through the file and try to understand how the program works.
Q3.2.2. List all of the URL sequences which URL Scan blocks.
Take a look at all of the extensions which URL Scan also blocks. You will notice that there are too many to list. One problem URL Scan does run into is denying some extensions which might be useful to white hat users of the web server.
Q3.2.3. What are some extensions that might limit usage of a web server because they are blocked by URL Scan, and why are they important?
Let’s say we now want to allow ASP pages on our web server without turning URL Scan off. Load up a browser on the 4.0 WS machine and access http://57.35.6.x+2/iisstart.asp
Q3.2.4. Can the page be found?
Open up urlscan.ini as found above and search through the file till you find the section titled “Deny ASP Requests.” Following the title it should list four extensions that will be denied by the program. Comment out the first of the extensions by adding a semicolon before the extension.
It should look as follows:
;.asp
Save the file and close it. Run urlscan.exe, which also resides in the same folder as urlscan.ini. A window should come up stating that it has been successfully installed. Press OK. This causes the changes made in urlscan.ini to take effect. Load up the http://57.35.6.x+2/iisstart.asp page again on the 4.0 WS machine and view the result.
Q3.2.5. What does the page now display?
Screenshot #7: Take a screenshot of the web browser after accessing the iisstart.asp page.
Uninstall URL Scan through the Control Panel’s “Add/Remove Programs” to be sure it doesn’t interfere with the next section.

3.3 Remote IIS Server Name Spoof
http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html
Due to the way IIS handles errors based on the “SERVER_NAME” variable, attackers can spoof the server name to get sensitive information, such as logins and passwords. In this section you will be doing such a spoof and looking at what information is given as a result of this flaw.
Copy the “test.asp” file from the NAS to the C:\Inetpub\wwwroot\ directory on your Windows XP virtual machine. On your Red Hat 4.0 WS machine open up a terminal window. Telnet into the WinXP web server using the following command:
telnet 57.35.6.x+2 80
Type in the following command to retrieve the test.asp webpage:
GET /test.asp HTTP/1.0
Hit Enter again and the server should return the result of the page. Open up the test.asp file in a text editor.
Q3.3.1. What IP address did the server return when accessing the test.asp page? Why is this?
Telnet into the WinXP web server again. This time retrieve the test.asp page using the following command:
GET http://localhost/test.asp HTTP/1.0
Q3.3.2. What value is returned by the variable “SERVER_NAME” from the test.asp code?
Q3.3.3. Where does the server think the request is coming from, and why is this a problem?
Now we will take advantage of this flaw.
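The decision that goes wrong in Q3.3.3, modelled in Python as an added example (not IIS's own code and not part of the original handout): the script variables are built from the raw request the way the lab shows, with an absolute URI in the request line supplying SERVER_NAME, and a “detailed errors only for localhost” rule is evaluated first on that client-supplied name and then on the TCP peer address. The server address 57.35.6.7 and the client addresses are constructed values.

```python
"""A server that gates detailed error pages on SERVER_NAME, beside the fix."""
from urllib.parse import urlsplit

SERVER_IP = "57.35.6.7"  # constructed: the address this server listens on


def build_env(raw_request: str, remote_addr: str, server_ip: str = SERVER_IP) -> dict:
    """Build the CGI-style variables a script sees from one HTTP/1.0 request.

    Follows what the lab demonstrates: an absolute URI in the request line
    supplies SERVER_NAME; a Host header is next; otherwise the server's own IP.
    """
    request_line, _, header_block = raw_request.partition("\r\n")
    parts = request_line.split(" ")
    method, target = parts[0], parts[1]
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    split = urlsplit(target)
    if split.scheme and split.netloc:        # "GET http://localhost/test.asp HTTP/1.0"
        server_name, path = split.hostname, split.path
    elif "host" in headers:                  # "Host: localhost"
        server_name, path = headers["host"].split(":")[0], target
    else:                                    # "GET /test.asp HTTP/1.0", no Host
        server_name, path = server_ip, target
    return {"REQUEST_METHOD": method, "SERVER_NAME": server_name,
            "PATH_INFO": path, "REMOTE_ADDR": remote_addr}


def detailed_errors_weak(env: dict) -> bool:
    """The flawed rule: trust a name the client can set in its own request."""
    return env["SERVER_NAME"] in ("localhost", "127.0.0.1")


def detailed_errors_hardened(env: dict) -> bool:
    """Decide on the TCP peer address, which the client cannot choose.

    Better still, never send script or compiler errors to any browser: log
    them on the server and return a generic page to everyone.
    """
    return env["REMOTE_ADDR"] in ("127.0.0.1", "::1")


def error_page(env: dict, decide, internal_detail: str) -> str:
    """What the browser receives when a script fails, under a given rule.

    internal_detail stands for the kind of text global.asa leaks in the lab
    (a compilation error quoting the offending line); constructed by the caller.
    """
    if decide(env):
        return "Error Type: Microsoft VBScript compilation error: " + internal_detail
    return "An error occurred on the server when processing the URL."
```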
Copy the “global.asa” file from the NAS to the C:\Inetpub\wwwroot\ directory on your WinXP virtual machine. This file stores functions and variables that can be accessed by all .asp files. Again, telnet into the WinXP web server and type in the following command:
GET / HTTP/1.0
Near the bottom of the page returned, look for the “Error Type” and the line that starts with “Microsoft VBScript compilation”. Create a text file on your Red Hat 4.0 WS and copy the text between the <li> and </li> tags that include the “Error Type”. This will be used to compare the differences between accessing remotely and as localhost.
Telnet into the Windows XP web server again.
Q3.3.4. Remembering what we previously did to spoof the server name, what command would be used to get sensitive information?
Once you have seen the results of the spoofed page, look for the same “Error Type” section of text you copied before. Copy the new text between the <li> and </li> tags containing the Error Type again and paste it into the text file with the previous results.
Attachment #1: Attach the requested text from the telnet sessions showing the difference between remote and localhost requests.
Q3.3.5. What sensitive data was returned when using the localhost request, and what were the actual values returned?

Section 4: IIS 6.0
http://www.microsoft.com/WindowsServer2003/iis/default.mspx
Power on the Win2k3Server virtual machine, which was installed in the first section. The login is “Administrator” and the password is “password” for this machine. In order to view the IIS GUI: Click on the Start Menu -> Click on Administrative Tools -> Click on Internet Information Services. This will bring up the IIS control console. Spend a few minutes getting familiar with the contents of the default webpage and the options this version of IIS provides.
To view the default page in a browser, on your Red Hat 4.0 WS machine enter http://57.35.6.x+4/ into a browser. This will bring up the IIS default webpage.
Unlike the previous versions of Internet Information Services, version 6.0 is much more dedicated to the security aspect of web hosting. In versions 5.0 and 5.1 it was more up to the user to reinforce their server with add-ons and personal modifications, whereas 6.0 is a more complete package that comes with built-in security measures. Please follow this link and read the article, which details all of the built-in security features of IIS 6.0:
http://www.securityfocus.com/infocus/1765
Since IIS 6.0 is much more secure, there have not been very many exploits to date for this service. Also, because of the more recent release, there has been a limited amount of time for vulnerabilities to be found. Try out some of the exploits used on IIS 5.0 and 5.1 earlier in this lab to see if they work on IIS 6.0.

Section 5: Lab Addition Suggestions
You may have noticed that this lab was somewhat introductory and limited to only exploits on IIS versions 5.0 and 5.1. This is because hacking of 6.0 is still under development.
The list below specifies topics that we would like groups to implement:
Additional exploits and vulnerabilities for versions 5.0 and 5.1 (see Reference [13] for a comprehensive list of exploits)
Directions hackers are moving in to hack 6.0
Research the new versions of IIS as they come out and how secure they are

References
[1] “Wikipedia – Internet Information Services,” http://en.wikipedia.org/wiki/Internet_Information_Services
[2] “ASP The Global.asa file,” http://www.w3schools.com/asp/asp_globalasa.asp
[3] “iishack 2000 - eEye Digital Security – 2001,” http://downloads.securityfocus.com/vulnerabilities/exploits/iishack2000.c
[4] “Hacking IIS 5.0: The Complete Guide,” http://www.unleashedportal.com/Article1033.html
[5] “SecuriTeam IIS 5.0 SEARCH method overflow,” http://www.securiteam.com/windowsntfocus/5JP0C203PQ.html
[6] “Microsoft Security: IIS Lockdown Tool,” http://www.microsoft.com/technet/security/tools/locktool.mspx
[7] “Inge Henriksen's Technology Blog: Microsoft IIS Remote DoS .DLL Url exploit,” http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
[8] “UrlScan Security Tool,” http://www.microsoft.com/technet/security/tools/urlscan.mspx
[9] “UrlScan Security Tool 2.0,” http://www.microsoft.com/windows2000/downloads/recommended/urlscan/
[10] “Inge Henriksen's Technology Blog: Remote IIS 5.x and IIS 6.0 Server Name Spoof,” http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html
[11] “Internet Information Services,” http://www.microsoft.com/WindowsServer2003/iis/default.mspx
[12] “IIS 6.0 Security,” http://www.securityfocus.com/infocus/1765
[13] “SecuriTeam.com Exploits Archive 2006,” http://www.securiteam.com/exploits/archive.html

APPENDIX A
VMware Image Installation Instructions
Follow the steps below to create a [virtual machine name] virtual machine.
Select File -> New -> New Virtual Machine to create a new virtual machine.
Choose Custom machine and click Next.
Select Legacy, since these images were created with an older version of VMware.
Select the appropriate virtual machine operating system and also select the version.
Change the name of the machine to [virtual machine name] and change the directory to /root/vmware/[virtual machine name].
You will now be warned that you already have a machine at that location; answer Yes (this is what we just copied there). If you aren’t warned about this, then you have the image files in the wrong location. Go back and make sure they are in the right place.
Leave the virtual memory setting as it is. If it gives you problems, you can increase or decrease the amount of memory for each machine later.
Select Bridged networking and click Next.
Choose “Use an existing virtual disk” and click Next.
On the I/O adapter screen just click Next.
Click Browse, go into the /root/vmware/[virtual machine] directory and choose the file called “[virtual machine].vmdk”.
Click Finish.

APPENDIX B
Configuring IP Addresses for Windows Machines
Choose Start -> Control Panel. Click on Network and Internet Connections and then Network Connections. Right click on the LAN connection that comes up and choose Properties. Choose TCP/IP and click Properties. Change the IP address to two more than your host machine, e.g. 57.35.6.x+2 where x is the last number in your host IP address. Make sure the other settings look something like below.
Netmask: 255.255.255.0
Default Gateway: 57.35.6.1
DNS server: 57.35.7.254
Click OK and then OK again. Exit the Control Panel window. Your Windows virtual machine is configured properly now. Now open up a command window (type cmd in Start -> Run) and ping your Red Hat 4.0 WS host machine’s IP address. Press Ctrl+C to stop it.
ECE4112 Internetwork Security
Lab 12: Internet Information Services

Group Number: _________
Member Names: ___________________ _______________________

Answer Sheet

Prelab Questions:
PLQ1. Give a summary of all the versions of IIS and what operating system they run on.

PLQ2. What is the role of the global.asa file in ASP?

Section 2.1
Q2.1.1. What new file is now located in the Win2kServer’s C: folder?

Screenshot #1: Take a screenshot of the C: drive showing the added file.

Q2.1.2. What sort of files would be more useful to a hacker to use along with this exploit instead of the default file?

Q2.1.3. Look at the text output after the program is run. What does this suggest to you might be ways of preventing this exploit from affecting your server?

Section 2.2
Screenshot #2: Take a screenshot of the TCP stream showing the contents of the C: drive.

Q2.2.1. Using the method described above, how would you go about deleting a file, test.txt, located in the C:\ directory? Make a test.txt file on the Win2kServer virtual machine and test it out.

Q2.2.2. What would the URL be to run this application?

Screenshot #3: Take a screenshot of the Win2kServer Task Manager showing NOTEPAD.exe running.

Section 2.3
Q2.3.1. Describe what happens to the server when the DoS exploit is run.

Screenshot #4: Take a screenshot of one of the event logs in Event Viewer created by the exploit.

Section 2.4
Q2.4.1. Are you able to see the Win2kServer’s C: directory?

Q2.4.2. Does the exploit still work?

Q2.4.3. How does IIS Lockdown prevent exploits such as the ones used in this lab?

Section 3.1
Q3.1.1. How many times did you need to load the page before something different happened?

Screenshot #5: Take a screenshot of the error message that occurs when IIS crashes on the WinXP virtual machine.

Q3.1.2. Does accessing these other folders also cause the server to crash?

Q3.1.3. What makes the _vti_bin folder different from the other default folders?

Q3.1.4. Does the exploit still make the server crash?

Screenshot #6: Take a screenshot of the host machine’s webpage after the exploit was run against the secured web server.

Section 3.2
Q3.2.1. Does the exploit now make the server crash after URL Scan has been installed?

Q3.2.2. List all of the URL sequences which URL Scan blocks.

Q3.2.3. What are some extensions that might limit usage of a web server because they are blocked by URL Scan, and why are they important?

Q3.2.4. Can the page be found?

Q3.2.5. What does the page now display?

Screenshot #7: Take a screenshot of the web browser after accessing the iisstart.asp page.

Section 3.3
Q3.3.1. What IP address did the server return when accessing the test.asp page? Why is this?

Q3.3.2. What value is returned by the variable “SERVER_NAME” from the test.asp code?

Q3.3.3. Where does the server think the request is coming from, and why is this a problem?

Q3.3.4. Remembering what we previously did to spoof the server name, what command would be used to get sensitive information?

Attachment #1: Attach the requested text from the telnet sessions showing the difference between remote and localhost requests.

Q3.3.5. What sensitive data was returned when using the localhost request, and what were the actual values returned?

General Questions
GQ1. How long did it take you to complete this lab?

GQ2. Was it an appropriate length lab?

GQ3. What corrections and/or improvements do you suggest for this lab? Please be very specific, and if you add new material give the exact wording and instructions you would give to future students in the new lab handout. You may cross out and edit the text of the lab on previous pages to make minor corrections/suggestions. General suggestions like “add tool xyz to do more capable scanning” will not be awarded extra points even if the statement is totally true. Specific text that could be cut and pasted into this lab, completed exercises, and completed solutions may be awarded additional credit.
Thus, if tool xyz adds a capability or an additional or better learning experience for future students, here is what you need to do. You should add that tool to the lab by writing new detailed lab instructions on where to get the tool, how to install it, how to run it, what exactly to do with it in our lab, example outputs, etc. You must prove with what you turn in that you actually did the lab improvement yourself. Screenshots and output hardcopy are a good way to demonstrate that you actually completed your suggested enhancements. The lab addition section must start with the title “Lab Addition”, your addition subject title, and must start with a paragraph explaining at a high level what new concept may be learned by adding this to the existing laboratory assignment. After this introductory paragraph, add the details of your lab addition.

Turn-in Checklist
1. Answer Sheet with answers
2. 7 Screenshots
3. Attachment with telnet output from Section 3.3
4. Your detailed proposed laboratory enhancements