Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

United States Naval Academy Electrical and Computer Engineering Department

advertisement 
EC310 Twelve Week Exam Spring 2015
April 2, 2015
United States Naval Academy
Electrical and Computer Engineering Department
EC310 - 12 Week Midterm – Spring 2015
1.
2.
3.
4.
5.
6.
Do a page check: you should have 8 pages including this cover sheet.
You have 50 minutes to complete this exam.
A calculator may be used for this exam.
This is a closed book and closed notes exam. You may use two single-sided hand-written pages of notes.
Turn in your two single-sided hand-written pages of notes with your exam.
This exam may be given as a makeup exam to several midshipmen at a later time. No communication is
permitted concerning this exam with anyone who has not yet taken the exam.
Name:
____________________
Instructor:
____________________
Problem
Topic
Possible
1
Buffer Overflow
16
2
Routing
12
3
Ethernet and Address Resolution
28
4
IP and Man-in-the-Middle Attack
44
TOTAL
100
Points
Page 1 of 8
EC310 Twelve Week Exam Spring 2015
April 2, 2015
Question 1 (16 pts). You are using a Linux system where no user has been granted sudo privileges. After
typing in the command ls –l gethappy.exe you see:
This file is owned by atwood who is a member of the group named instructor.
(a) (3 pts) You (midshipman) are not a member of the group instructor. What command would
atwood have to enter to give you (and all other users) permission to read and execute the
gethappy.exe file?
Answer:
The owner atwood then makes some changes to permissions and you now see:
Suppose that Evil Jose is executing the file gethappy.exe. He inserts malicious code onto the program's
stack. His malicious code is 40 bytes long and is intended to open a command prompt. He guesses that his 40byte exploit is on the stack at address bffff7d0, so he follows his exploit with several repetitions of this
return address. The picture on the below left indicates how Jose believes the stack is arranged.
Unfortunately (for him), Evil Jose guessed wrong about the location of his 40-byte exploit: it is actually stored
starting at address bffff7cc. The picture on the below right indicates how the stack is actually arranged.
(Note that Jose did guess the correct location of where the return address is stored.)
Jose finds out that his attack is not working.
What Evil Jose Believes the Stack Looks Like
Reality: The Actual Stack
This question continues on the next page.
Page 2 of 8
EC310 Twelve Week Exam Spring 2015
April 2, 2015
(b) (6 pts) Explain how Evil Jose should have crafted his attack to successfully execute a buffer overflow
without needing to guess the exploit location exactly. Your answer should be no more than a few sentences,
and should indicate what specific tool or technique Evil Jose should have employed, and why this technique
would have helped him.
(c) (3 pts) Suppose Evil Jose eventually gets his exploit to work, and opens a command prompt. When Evil
Jose performs this attack, whose command prompt opens? Explain.
Answer:
(d) (4 pts) Explain how monitoring/checking of the eip register can prevent a program from being exploited by
a buffer overflow. Be specific.
Question 2 (12 pts). Consider the network shown below, where the numbers on the links indicate the cost of
using that link. For example, the cost of using the link from Router A to Router B is 7. The network uses link
state routing.
(a) (6 pts) Sketch the Link State
Packet (LSP) that is crafted by
Router A. Fill in your answer in the
table below.
LSP for Router A
Router
Weight
Router
Weight
(b) (6 pts) Router A sends an IP packet to Router D. What is the path that this packet traverses through the
network? (Your answer should consist of a series of routers, e.g.: "A-B-C-D").
Answer:
Page 3 of 8
EC310 Twelve Week Exam Spring 2015
April 2, 2015
Question 3 (28 pts). Consider the 10 Mbps Ethernet used by the six users (five midshipmen and Evil Jose)
shown below. For each user, we show symbols denoting the IP address and Ethernet address. For example,
MIDN Happy has IP address A and Ethernet address U.
(a) (2 pts) How many bits are in an Ethernet address?
Answer:
(b) (2 pts) What layer of the TCP/IP reference model does the bridge operate at? Answer:
(c) (4 pts) What is the effective data rate seen by MIDN Happy? Answer:
(d) (4 pts) If the bridge were to be replaced by a hub, what would be the effective data rate seen by MIDN
Happy?
Answer:
MIDN Happy now wants to send an IP packet to his friend MIDN GoLucky. He knows MIDN GoLucky's
IP address is C. To determine MIDN GoLucky's Ethernet address, MIDN Happy sends an ARP Request
Message.
(e) (3 pts) What Ethernet address is used as the destination address in the frame that contains the ARP Request
Message in its data field? Answer:
(f) (3 pts) When an IP packet is placed in the data field of an Ethernet frame, the IP packet is said to be (choose
one):
(i)
(ii)
(iii)
(iv)
(v)
Packetized
Encapsulated
Framed
Segmented
Transported
This question continues on the next page.
Page 4 of 8
EC310 Twelve Week Exam Spring 2015
April 2, 2015
(g) (4 pts) After learning MIDN GoLucky's Ethernet address, MIDN Happy sends a 9001 byte IP packet to
MIDN GoLucky. How many Ethernet frames were needed to send this IP packet? Show work.
Answer:
(h) (6 pts) Suppose that a number of ARP exchanges have taken place and all six users have a complete and
correct ARP cache, showing the correct IP address – Ethernet address pairings for all users.
MIDN Happy then launches an ARP spoofing attack against Evil Jose. After completing the attack,
whenever a user sends an IP packet to Evil Jose , the IP packet will be sent to MIDN Happy instead.
To accomplish this attack, MIDN Happy sends an unsolicited ARP reply that contains an incorrect IP
address – Ethernet address pairing.
Construct the complete ARP cache for MIDN GoLucky after the ARP spoofing attack is completed. Place
your answer in the table below. Use the IP address and Ethernet address symbols shown in the figure on the
previous page.
ARP cache for MIDN GoLucky
IP Address
Ethernet Address
Page 5 of 8
EC310 Twelve Week Exam Spring 2015
April 2, 2015
Question 4 (44 pts). Examine the network shown below. MIDN Happy (whose IP address is 2.2.2.10)
regularly accesses the EC310 website (IP address 7.7.7.179).
(a) (2 pts) How many bytes are in an IP address?
Answer:
(b) (10 pts) Considering the network shown above, construct the routing table for Router B. Place your answer
in the table below, leaving any unused rows blank.
(c) (2 pts) What layer of the TCP/IP reference model does a router (such as RB in the picture) operate at?
Answer:
This question continues on the next page.
Page 6 of 8
EC310 Twelve Week Exam Spring 2015
April 2, 2015
(d) (2 pts) In one sentence, what is the purpose of a network mask?
Answer:
Evil Jose is located on the 5.5.5.0/24 network and wants to prevent MIDN Happy from reaching the EC310
website at 7.7.7.179. He turns his computer into a router using Loki and advertises a false network. The
advertisement for this false network propagates to Router RB.
In the table below, under the target's network (7.7.7.128), and the target's IP address (7.7.7.179) the bit
values corresponding to the first three octets have been filled in.
(e) (4 pts) In the table below, fill in the bit-values for the last octet of the target's network and the target's IP
address.
(f) (8 pts) Design a false network! Specifically, state the network ID for the false network you would use.
Use the table above to show your work. Your answer should be of the form W.X.Y.Z/n.
Answer:
This question continues on the next page
Page 7 of 8
EC310 Twelve Week Exam Spring 2015
April 2, 2015
(g) (4 pts) The network administrator has decided to employ a passive interface to spoil this attack. Select the
best router, and a best interface on that router, for employment of a passive interface. (Note that this
question is asking you to first choose the best router, and then choose one of the interfaces on that specific
router.) Answer this question by placing an asterisk directly next to your chosen router interface on the
picture on the preceding page, and writing next to this asterisk: "Answer for g".
Questions (h) – (j) below are not related to the previous questions.
(h) (4 pts) Express the mask for the network 6.6.6.128/27 in dotted decimal notation.
Answer:
(i) (4 pts) How many IP addresses are available for assignment to hosts on the network 6.6.6.128/27 ?
Answer:
(j) (4 pts) What is the broadcast address for the network 6.6.6.128/27 ? Show your work!
Answer:
Turn in your equation sheet with your exam!
Page 8 of 8
Related documents
MATH 251, Section Quiz 11 (Sections 14.2, 14.3). Thursday, Nov. 11, 2010
MATH 251, Section Quiz 11 (Sections 14.2, 14.3). Thursday, Nov. 11, 2010
Quiz 5
Quiz 5
MATH 251, Section Quiz 9 (Sections 14.1, 14.2). Thursday, Nov. 7, 2013
MATH 251, Section Quiz 9 (Sections 14.1, 14.2). Thursday, Nov. 7, 2013
MATH 251, Section Quiz 10 (Sections 13.9, 13.10, 14.1). Dr. M. Vorobets
MATH 251, Section Quiz 10 (Sections 13.9, 13.10, 14.1). Dr. M. Vorobets
Name: SUMMER II, 2014 MATH 142:203 QUIZ - 9
Name: SUMMER II, 2014 MATH 142:203 QUIZ - 9
Download
advertisement