United States Naval Academy Electrical and Computer Engineering Department

EC310 Twelve Week Exam Fall 2015
November 5, 2015
United States Naval Academy
Electrical and Computer Engineering Department
EC310 - 12 Week Midterm – Fall 2015
1. Do a page check: you should have 10 pages including this cover sheet.
2. You have 50 minutes to complete this exam.
3. A calculator may be used for this exam.
4. This is a closed book and closed notes exam. You may use two single-sided hand-written pages of notes.
5. Turn in your two single-sided hand-written pages of notes with your exam.
6. This exam may be given as a makeup exam to several midshipmen at a later time. No communication is permitted concerning this exam with anyone who has not yet taken the exam.
Name: __SOLUTION__________________
Instructor: ____________________
Problem   Topic                          Possible   Points
1         Buffer Overflow                10
2         Privileges and Permissions     10
3         Ethernet and ARP               31
4         IP and False Route Injection   35
5         Routing                        14
TOTAL                                    100
Question 1 (10 pts). Suppose that Evil Instructor is running a program and attempting to perform a buffer
overflow attack. When a function prompts him to enter his name, he enters machine language instructions (an
exploit) that, if executed, will delete the contents of the hard drive.
Suppose the function reserves 40 bytes for the user's name. Evil Instructor's malicious code is also 40 bytes
long. He guesses that his 40-byte exploit is on the stack at address bffff7cc (i.e., he guesses that the
variable name, where he is entering his exploit, is located at address bffff7cc). The picture below indicates
how Evil Instructor believes the stack is arranged. The picture below also shows Evil Instructor's guess about
the location where the saved value of the return address is located on the stack.
Evil Instructor bravely declines to use NOPs, but he does decide to follow his exploit with several repetitions of
the desired return address.
[Figure: What Evil Instructor believes the stack looks like]
(a) (3 pts) What is the minimum number of times Evil Instructor will have to repeat the desired return address if his exploit is to succeed?
Answer: 4
(b) (4 pts) What is the address that Evil Instructor should place in the boxes directly below the 40-byte exploit?
Answer: bffff7cc
(c) (3 pts) Briefly (a sentence or two), explain why Evil Instructor improves the chances of his attack being
successful by repeating the value of the desired return address.
Answer: Words to the effect: "This gives Evil Instructor a number of chances to get the address
correctly positioned in the return address field."
Question 2 (10 pts). Consider the long listing for three files, shown below. The file note1.c is a C program
that writes to the file /tmp/notes. The file note1.exe is the compiled version of note1.c.
The system has six users: midshipman, trevor, connor, buffy, heather and, of course, root. You
are, of course, midshipman.
(a) (4 pts) The user trevor executes the file note1.exe and notices that his attempts to write to the file
/tmp/notes are not successful. Explain why.
Answer:
Words to the effect: "Only the user midshipman is allowed to write to
/tmp/notes…. although trevor can execute note1.exe, he will be prevented from writing to
/tmp/notes."
(b) (2 pts) Suppose it is necessary to grant users the ability to write to the file /tmp/notes, but only when
executing the program note1.exe. What would you (midshipman) need to do to accomplish this?
Select one of the five choices below.
(i) You would need to transfer ownership of note1.c to root
(ii) You would need to change the mode (chmod) to allow sudo access
(iii) You would need to assign sudo access to the file note1.exe
(iv) You would need to set the setuid flag on the file note1.exe
(v) You would need to give users the ability to switch user (su)
(c) (4 pts) The user buffy proposes solving this problem (i.e., the need to grant users the ability to write to the
file /tmp/notes, but only when executing the program note1.exe) by having you (midshipman)
enter the following command:
chmod o+rw /tmp/notes
How would the effect of this command be different from the effect of the answer you selected in part (b)
above?
Answer: This would give all users the ability to read and write to /tmp/notes directly, in
an uncontrolled fashion (i.e., without needing to use note1.exe).
Question 3 (31 pts). You are examining an Ethernet frame using Wireshark. This Ethernet frame is shown
below. The hexadecimal contents of the Ethernet frame start as shown:
The frame format for an Ethernet frame is shown below:
(a) (2 pts) What is the source address for this Ethernet frame?
Answer: 00 04 75 c8 d5 dc
(b) (3 pts) If the Ethernet protocol is used to transmit a 6010-byte IP packet, how many frames will be needed?
Show work.
Answer: 5, since 6010/1500 = 4.01, which rounds up to 5
(c) (3 pts) Which of the following choices is (are) true (circle all that apply):
(i) An Ethernet frame is encapsulated in an IP packet
(ii) An Ethernet frame is decapsulated from an IP packet
(iii) An IP packet is encapsulated in an Ethernet frame
(iv) An IP packet is decapsulated from an Ethernet frame
(v) Some of the hexadecimal digits shown in the Wireshark capture above could represent an IP address
(vi) Ethernet is a network layer protocol
The user who sent the frame above is named MIDN Glad. He is on the 10 Mbps Ethernet used by seven users
shown below. All users are very active. For each user, we show symbols denoting the IP address and Ethernet
address. For example, MIDN Glad has IP address E and Ethernet address Y.
(d) (4 pts) What is the average data rate seen by MIDN Glad? Show work.
Answer: 10 Mbps / 3 = 3.33 Mbps
(e) (4 pts) What is the average data rate seen by Evil Instructor? Show work.
Answer: 10 Mbps / 4 = 2.5 Mbps
(f) (4 pts) If the bridge were to be replaced by a hub, what would be the average data rate seen by MIDN
Jubilant? Show work.
Answer: 10 Mbps / 7 = 1.43 Mbps
(g) (2 pts) True or False: MIDN Joyous's IP address will never change. Circle one: TRUE / FALSE
(h) (2 pts) True or False: MIDN Joyous's Ethernet address will never change. Circle one: TRUE / FALSE
Suppose that a number of ARP exchanges have taken place and all seven users have a complete and correct
ARP cache, showing the correct IP address – Ethernet address pairings for all users. MIDN Jubilant then
launches an ARP spoofing attack against MIDN Happy with the intent of stealing all of MIDN Happy's
packets.
(i) (5 pts) To launch his attack, MIDN Jubilant sends an unsolicited ARP Reply with an IP address-Ethernet address pairing. What IP address-Ethernet address pairing does MIDN Jubilant place in this ARP
Reply?
Answer: IP address A is paired with Ethernet address Z.
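The two signals a host or monitor can use to spot the reply described in part (i), shown as an added example that is not part of the original exam. IP address A, Ethernet address Z and MIDN Glad's pairing (E, Y) come from the exam; the labels "happy-mac" and "jubilant-ip" are constructed placeholders for values that appear only in the missing figure.

```python
def check_arp_reply(cache, pending, sender_ip, sender_mac):
    """Return findings for one ARP reply.

    cache   -- current IP -> Ethernet address bindings
    pending -- IP addresses this host has an outstanding ARP request for
    """
    findings = []
    # Signal 1: nobody asked for this address.
    if sender_ip not in pending:
        findings.append("unsolicited reply")
    # Signal 2: the reply overwrites a binding that was already known.
    known = cache.get(sender_ip)
    if known is not None and known != sender_mac:
        findings.append(f"binding change for {sender_ip}: {known} -> {sender_mac}")
    # Signal 3: one Ethernet address now claims more than one IP address.
    shared = sorted(ip for ip, mac in cache.items()
                    if mac == sender_mac and ip != sender_ip)
    if shared:
        findings.append(f"{sender_mac} already answers for {', '.join(shared)}")
    return findings


# Constructed cache: complete and correct before the spoofed reply arrives.
CACHE = {"A": "happy-mac", "jubilant-ip": "Z", "E": "Y"}

if __name__ == "__main__":
    # The reply from part (i): IP address A paired with Ethernet address Z.
    for finding in check_arp_reply(CACHE, set(), "A", "Z"):
        print(finding)
    # A reply that answers a real request and matches the cache is clean.
    print(check_arp_reply(CACHE, {"E"}, "E", "Y"))
```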
(j) (2 pts) Suppose that the bridge above is replaced by a switch. What layer of the TCP/IP model does the
switch reside in?
Answer: Data Link (also acceptable: Data Link and Physical).
Question 4 (35 pts). Examine the network shown below. MIDN Happy (whose IP address is 2.2.2.70)
regularly accesses the EC310 website (IP address 7.7.7.181).
(a) (4 pts) Express the mask for the network 4.0.4.0/22 in dotted decimal notation.
Answer: 255.255.252.0
(b) (4 pts) How many IP addresses are available for assignment to hosts on the network 4.0.4.0/22 ?
Answer: 2^10 − 2 = 1022
(c) (4 pts) What is the broadcast address for the network 4.0.4.0/22 ? Show your work!
Answer: 4.0.7.255
(d) (9 pts) Considering the network shown above, construct the routing table for Router B. Place your answer
in the table below, leaving any unused rows blank.
(e) (4 pts) Suppose Router B must route an IP packet with destination address 185.74.66.66. If the mask
in the top line of your routing table (shown above) is applied to this IP address, what is the resulting network
address? Show work.
Answer: 185.74.66.64
(f) (2 pts) In light of your routing table for Router B, shown above, what outgoing interface would Router B
send the IP packet whose destination address is 185.74.66.66 ?
Answer: m1
Evil Instructor is located on the 5.5.5.48/28 network and wants to prevent MIDN Happy from reaching the
EC310 website at 7.7.7.181. He turns his computer into a router using Loki and advertises a false network.
The advertisement for this false network propagates to Router B.
In the table below, under the target's network (7.7.7.160), and the target's IP address (7.7.7.181) the bit
values corresponding to the IP address have been filled in.
(g) (8 pts) Design a false network using the shortest possible mask (in other words, your mask /n should use
the smallest possible value of n). State the network ID for the false network you would use. Use the table
above to show your work. Your answer should be of the form W.X.Y.Z/n.
Answer: 7.7.7.176/28 with work as shown above
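Why the /28 in part (g) captures the traffic, and how a defender can flag such an advertisement, shown as an added example that is not part of the original exam. The /27 on the target network is derived in the code from the two addresses the exam gives; the interface names and function names are constructed for this example.

```python
import ipaddress


def consistent_prefix_lengths(network_id, host):
    """Prefix lengths for which network_id is a valid network ID containing host."""
    found = []
    for n in range(33):
        try:
            # strict parsing rejects any length that leaves host bits set
            net = ipaddress.ip_network(f"{network_id}/{n}")
        except ValueError:
            continue
        if ipaddress.ip_address(host) in net:
            found.append(n)
    return found


def shortest_more_specific(legit, target):
    """The prefix one bit longer than `legit` that still contains `target`."""
    return ipaddress.ip_network(f"{target}/{legit.prefixlen + 1}", strict=False)


def longest_prefix_match(routes, dst):
    """routes maps network -> interface; the most specific matching entry wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, ifc) for net, ifc in routes.items() if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def flag_more_specifics(trusted, advertised):
    """Defender's check: advertised prefixes that sit strictly inside a trusted network."""
    return [adv for adv in advertised
            if any(adv != t and adv.subnet_of(t) for t in trusted)]


# Addresses from Question 4; interface names are constructed placeholders.
LEGIT = ipaddress.ip_network("7.7.7.160/27")
FALSE = shortest_more_specific(LEGIT, "7.7.7.181")
ROUTES = {LEGIT: "toward-website", FALSE: "toward-false-router"}

if __name__ == "__main__":
    print(consistent_prefix_lengths("7.7.7.160", "7.7.7.181"))
    print(FALSE, longest_prefix_match(ROUTES, "7.7.7.181"))
    print(flag_more_specifics([LEGIT], [FALSE, ipaddress.ip_network("4.0.4.0/22")]))
```

Addresses in the other half of the /27 (7.7.7.160 to 7.7.7.175) still follow the legitimate route, which is why the check compares advertised prefixes against trusted ones rather than looking for an outage of the whole network.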
Question 5 (14 pts). Consider the network shown below which uses distance vector routing. You are router
C. You have just received the following distance vectors from your neighbors:
Destination   From B   From D   From E
A             4        17       8
B             0        11       6
C             7        4        6
D             13       0        10
E             7        8        0
F             2        10       4
Your distance to B is 7, your distance to D is 4 and your distance to E is 6.
[Figure: network diagram with routers A, B, C, D, E and F]
(a) (7 pts) What is your new routing table (include the distance and next hop for each destination) presuming that distance-vector routing is used? Place your answer in the table on the right, using as many rows as needed.
Destination   Distance   Next hop
A             11         B
B             7          B
C             -          -
D             4          D
E             6          E
F             9          B
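The update Router C performs in part (a), written out as an added example that is not part of the original exam. The distance vectors and link costs are the ones given in the question; the function and variable names are chosen for this example.

```python
NODES = ["A", "B", "C", "D", "E", "F"]

# Distance vectors Router C received from its three neighbors.
RECEIVED = {
    "B": {"A": 4, "B": 0, "C": 7, "D": 13, "E": 7, "F": 2},
    "D": {"A": 17, "B": 11, "C": 4, "D": 0, "E": 8, "F": 10},
    "E": {"A": 8, "B": 6, "C": 6, "D": 10, "E": 0, "F": 4},
}

# Router C's own cost to each directly connected neighbor.
LINK_COST = {"B": 7, "D": 4, "E": 6}


def dv_update(me, link_cost, received, nodes):
    """Return {destination: (distance, next_hop)} for router `me`.

    For every destination, try each neighbor as the first hop and keep the
    smallest (cost to neighbor + distance the neighbor advertises).
    """
    table = {}
    for dest in nodes:
        if dest == me:
            continue  # a router keeps no route to itself
        best = None
        for nbr, cost in link_cost.items():
            advertised = received[nbr].get(dest)
            if advertised is None:
                continue  # this neighbor did not advertise the destination
            total = cost + advertised
            if best is None or total < best[0]:
                best = (total, nbr)
        if best is not None:
            table[dest] = best
    return table


if __name__ == "__main__":
    for dest, (dist, hop) in dv_update("C", LINK_COST, RECEIVED, NODES).items():
        print(f"{dest}: distance {dist} via {hop}")
```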
(b) (2 pts) You received a distance vector from Router B. Which other routers in the network will ultimately
receive this distance vector from Router B?
Answer: Besides Router C: A and F
(c) (3 pts) Suppose the routing algorithm for the network above is shifted to link-state routing. Sketch the link-state packet that will be sent by Router C.
Answer:
Router C
Router        B   D   E
Edge Weight   7   4   6
(d) (2 pts) You send your link state packet to Router B. Which other routers in the network will ultimately
receive this link state packet?
Answer: All of them
Turn in your equation sheet with your exam!