Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

SI110 Spring AY13 Alpha:___________ Name:________________________________

advertisement 
SI110 Spring AY13
choose one:
(or more)
Alpha:___________
□ Received
no help
Name:________________________________ Page 1 of 2
□ Received help from:
□ Collaborated with:________________________________________
Homework:
/SI110/The Cyber Battlefield/Firewalls
0. Suppose you lived & studied at a repressive institution that didn’t want to let its
students communicate with the outside world. They have a firewall on the gateway into 10 / 8 / 6 / 0
the institution’s network that drops incoming packets bound for any port other than port
22. They do this to stop students from, for instance, putting up their own webservers
with pictures and stories about the injustices they face. (They allow port 22 so Profs
can work at home.) Explain how you could run a webserver off your computer (which is
inside the network) none-the-less, and explain what extra information (meaning in
addition to your IP address) folks outside the network would need in order to access your
underground website?
1. Consider Configuration A, B, and C pictured below:
Configuration A:
1.2.3.4
Firewall
5.6.7.8
Router
Router
1.2.3.5
5.6.7.9
Configuration B:
1.2.3.4
5.6.7.8
Router
Firewall
Router
1.2.3.5
5.6.7.9
Configuration C:
Firewall
1.2.3.4
Router
1.2.3.5
5.6.7.8
Router
5.6.7.9
If the firewall is configured to drop all packets with destination port 22, then ...
i.
Configuration _____ stops host 1.2.3.4 from connecting via SSH to any host. Explain!
10 / 8 / 6 / 0
ii. Configuration _____ stops any host from connecting to host 5.6.7.8 via SSH. Explain!
10 / 8 / 6 / 0
SI110 Spring AY13
Alpha:___________
Name:________________________________ Page 2 of 2
2. Suppose we have the following network configuration, in which the firewall drops all
traffic with destination port equal to 80, and forwards everything else:
1.2.3.4
5.6.7.8
Router
Firewall
Router
1.2.3.5
5.6.7.9
a. Can host 5.6.7.8 access a DNS name server running on host 1.2.3.5? Explain!
15 / 12 / 9 / 0
b. Can host 5.6.7.8 access a web server running on host 5.6.7.9? Explain!
15 / 12 / 9 / 0
c. Can host 5.6.7.8 access a web server running on host 1.2.3.4? Explain!
15 / 12 / 9 / 0
d. Suppose host 5.6.7.8 has an SSH connection to host 1.2.3.5 running in its terminal
window. If the command nc 1.2.3.4 80 was typed into that terminal window, would the
connection to 1.2.3.4 on port 80 be made, or would the firewall prevent it? Explain!
15 / 12 / 9 / 0
3. Consider these two versions of an ACL for a firewall:
Version 1:
Drop
packets from
Forward packets from
22.10.133.8
Any IP
going to
going to
TCP port
TCP port
15000 on
15000 on
87.52.8.125
87.52.8.125
Version 2:
Forward packets from
Drop
packets from
Any IP
22.10.133.8
going to
going to
TCP port
TCP port
15000 on
15000 on
87.52.8.125
87.52.8.125
(a) Which version allows all hosts other than 22.10.133.8 to connect via TCP to Host
87.52.8.125 on port 15000? (b) Explain why this is not true for the other version.
10 / 8 / 6 / 0
Page 2 of 2
Related documents
1-07 ICS2O3C - Warriors of the Net
1-07 ICS2O3C - Warriors of the Net
1 2
1 2
Warriors of the net questions 1. What three things are put on the
Warriors of the net questions 1. What three things are put on the
RVS4000 Firmware v1.2.11 Release Note 10/23/2008 Changes:
RVS4000 Firmware v1.2.11 Release Note 10/23/2008 Changes:
MidtermExam - Oakton Community College
MidtermExam - Oakton Community College
How the Internet works
How the Internet works
Exercise 8
Exercise 8
Why we all care: the changing home
Why we all care: the changing home
Introduction to Networking
Introduction to Networking
Firewalls - Brian Kiehl
Firewalls - Brian Kiehl
Manual:IP/Firewall/Connection tracking Connection tracking entries
Manual:IP/Firewall/Connection tracking Connection tracking entries
Chapter 6 : Network Security II CIS3360: Security in Computing Cliff Zou
Chapter 6 : Network Security II CIS3360: Security in Computing Cliff Zou
Document12927713 12927713
Document12927713 12927713
Solving Firewall Policy Anomalies Using Generic Algorithm Abhishek K. Chawan
Solving Firewall Policy Anomalies Using Generic Algorithm Abhishek K. Chawan
making-network-safe-databases-24
making-network-safe-databases-24
Download
advertisement