EC310: Applications of Cyber Engineering Exam #2 Alpha: ____________________ Section: ____________________ 12 WEEK EXAM NAME: 1. 2. 3. 4. __SOLUTIONS____ This is individual work. SHOW ALL WORK! Write legibly to receive credit. Turn in your equation sheet. SCORE: ___________/100 1 SCALE >89.5%: 31337 79.5 – 89.5%: H@XX0R 69.5 – 79.5%: G33K 59.5 – 69.5%: $€RiPt K1DD13 <59.5%: n00b EC310: Applications of Cyber Engineering Exam #2 Lesson 11/12 – TCP/IP model/Ethernet Alpha: ____________________ Section: ____________________ 1. [7.5] List the layers of the TCP/IP model and select the letter that best describes the main function of each. (0.5 pts for each table item, 1 pt for each letter) Application Transport Network Data Link Physical a. b. c. d. e. __d__ __b__ __e__ __a__ __c__ Transfers frames across a single link connecting two nodes Responsible for end-to-end flow, error, and congestion control Sends bits over a channel Processes that provide services to users such as HTTP and FTP Responsible for routing packets and internetworking 2. [7] Two standard (10 Mbps) Ethernet topologies are illustrated in Figure 1 and Figure 2 for a network consisting of six computers. Study the figures and answer the questions below. (Show your work for maximum credit) Figure 1 Figure 2 a. How much bandwidth does each user get for the network topology depicted in Figure 1? (2 pts) 10 Mbps / 6 hosts ≈ 1.67 Mbps per host b. How much bandwidth does each user get for the network topology depicted in Figure 2? (2 pts) 10 Mbps / 4 hosts = 2.5 Mbps per host c. How much bandwidth would each user get if a switch was used to connect together the six computers in my network? (3 pts) 10 Mbps / 2 Hosts = 5 Mbps per host 2 EC310: Applications of Cyber Engineering Exam #2 Lesson 13 – Internet Protocol Alpha: ____________________ Section: ____________________ 3. [4] Answer True or False to each of the following statements: (1 pt each) a. An IP address is a software address. T/F b. IP addresses are used at the network layer. T/F c. There are 6 bytes in an IP address. T/F d. Once set, the IP address of a computer never changes. T / F 4. [3] Select from the following those that are valid IPv4 network mask? (There maybe more than 1 correct answer) a. /45 b. 255.255.128.0 c. 128.255.255.0 d. 255.255.240.0 e. /16 5. [9] You are a network administrator and given the following block of addresses from your ISP 137.18.129.128/27 a. How many hosts can you support on this network? (Show your work for maximum credit) (2 pts) 2^5 – 2 = 30 b. What is the first possible host ID? (Show your work for maximum credit) (2 pts) 137.18.129.10000001 = 137.18.129.129 c. What is the last possible host ID? (Show your work for maximum credit) (3 pts) 137.18.129.10011110 = 137.18.129.158 d. What is the broadcast address for your network? (Show your work for maximum credit) (2 pts) 137.18.129. 10011111 = 137.18.129.159 3 EC310: Applications of Cyber Engineering Exam #2 Alpha: ____________________ Section: ____________________ Lesson 14/15 – Routing Part I/II 6. [4] What feature of the Address Resolution Protocol makes it particularly vulnerable to a spoofing attack? An ARP reply may be trusted/accepted in the absence of a preceding ARP request. 7. [4] Fill in the blanks for the below statements that describe the two major categories of routing protocols. (2 pts each) a. In _Distance Vector_ routing, a router will tell its immediate neighbors what it knows about the entire network. b. In _Link State_ routing, a router will tell the entire network what it knows about its immediate neighbor (controlled flooding). 8. [8] Complete the partial routing table for Router C for the destinations listed below. (1 pt each) 4 Destination Destination Next element Total cost A A 5 B I 3 C --- 0 D I 2 E E 5 EC310: Applications of Cyber Engineering Exam #2 Lesson 16 – MITM Attack Alpha: ____________________ Section: ____________________ 9. [4] What does a router assume by default when another router sends it information about the state of its links or the distance between it and other routers? The assumption is that each router can trust the information that other routers are sending it. 10. [20] An attacker is located on the 3.4.5.0/25 network and wants to prevent midshipmen from reaching a website at 8.9.7.96. He turns his computer into a router using Loki and advertises a false network of 8.9.7.80/28 to Router A. EC310 MID c. There are 3 parts to complete this question. i. Fill in the blanks to complete Router A’s routing table. (0.5 pts each) ii. In the line provided below Router A’s routing table, fill in the false route the attacker would inject. (4 pts) iii. Draw a line from the false route pointing to the location in which it would be injected into Router A’s routing table. (2 pts) 5 EC310: Applications of Cyber Engineering Exam #2 Alpha: ____________________ Section: ____________________ d. Will the attacker be successful in redirecting the midshipmen’s traffic? Justify your answer. (5 pts) No, the first and last IP addresses of the false network are 8.9.7.80 and 8.9.7.95, respectively. The webserver’s IP address does not fall within that range. Thus, all traffic destined for the website will not go to the attacker, but towards the webserver as normal. e. List and briefly describe two technical solutions that could be implemented on Router A to prevent the attacker from injecting false routing information. (2 pts each) Solution #1 a simple plaintext-password: added to all LSPs so each router can authenticate the information it is receiving Solution #2 an MD5-hash of the OSPF packet and a shared secret key: in OSPF, routers can send the hash of the OSPF packet and a shared secret key along with their LSP to authenticate themselves with other routers. Solution #3 passive interface: once a network administrator sets up a passive interface on a router, the router will ignore all routing information being sent over that interface. f. Who is responsible for configuring these security measures on Router A (check one)? (1 pt) _________ : The Network User ___ X __ : The Network Administrator _________ : The Network Hardware Manufacturer _________ : The Network Programmer 6 EC310: Applications of Cyber Engineering Exam #2 Alpha: ____________________ Section: ____________________ Lesson 17/18 – Border Gateway Protocol I/II 11. [6] State and briefly describe the two problems solved by partitioning the Internet into a number of separate Autonomous Systems vice using a single routing protocol. (3 pts each) Scalability - Routing tables would become huge. Administration - owners of individual networks may want to set their own rules for routing within their networks, without being concerned with what rules others are electing to follow. 12. [7.5] Which (if any) of the two flavors of BGP would routers in the picture below need to be running. x x x x x 7 EC310: Applications of Cyber Engineering Exam #2 Alpha: ____________________ Section: ____________________ 13. [9] Given the below figure, fill in the BGP Path Table for R4. Note: R1 is preferred over R3. R4 BGP Path Table Networks Next AS N8, N9 R1 AS1, AS2 N10, N11, N12 R1 AS1, AS3 N13, N14, N15 R9 AS1, AS4 14. [7] AS8 wants to transmit packets of data to AS3. Due to a peering conflict, AS8 will not allow packets to traverse through AS7. Circle each link in the path you will take to route packets to AS3 and calculate the total cost. Total Cost: 3+3+3+1 = 10 TURN IN YOUR HAND-WRITTEN EQUATION SHEET WITH YOUR EXAM _____________________________________________________________________________________________