EC312 Homework 29 Name: Solution Read: (1) Lesson 29 Notes 1. What is the underlying assumption between routers in the routing algorithms they use which makes it possible to conduct a Man-In-The-Middle (MITM) attack? The assumption is that each router can trust the information that other routers are sending it. 2. What three things can an attacker do to your network traffic in a Man-In-The-Middle (MITM) attack and what pillar of Information Assurance is affected during each? (a) The ability to observe traffic violates: Confidentiality (b) The ability to change traffic violates: Integrity (c) The ability to stop traffic violates: Availability 3. Forouzan, P18-25. Circle the router interfaces below to indicate how the packet is routed to its destination. 140.24.7.0/26 140.24.7.64/26 m1 m0 m2 Destination Address: 140.24.7.42 m0 m3 R1 R2 140.24.7.128/26 m2 m1 140.24.7.192/26 4. Two small size companies are to be combined into one medium-sized organization. If the first small-size company uses the IP address block 54.120.16.0/21 and the second uses the IP address block 54.120.24.0/21, what is the aggregate address block that can be used by the new medium-sized company? ??.??.??.??/?? 54. 120 . 0001 1000 . 0000 0000 / 21 54. 120 . 0001 0000 . 0000 0000 / 21 54. 120 . 0001 0000 . 0000 0000 / 20 54.120.16.0/21 54.120.16.0/20 1 54.120.24.0/21 5. An attacker is located on the 5.6.7.0/24 network and wants to prevent midshipmen from reaching a website at 8.8.8.26. He turns his computer into a router using Loki to advertise a false network to Router C. (a) Construct the routing table for Router C. (b) Looking at Router C’s routing table, what network address and mask should the attacker choose? (c) Complete the routing table entry below with your answer from (b) and draw a line into Router C’s routing table showing where the attacker’s false network would go. 2 (d) What is the first and last IP address of the false network you chose for the evil instructor? First Address: 8.8.8.24 Last Address: 8.8.8.31 (e) Does the IP address of the webserver fall within your choice for the evil instructor’s false network? Yes, 8.8.8.26 is between 8.8.8.24 and 8.8.8.31. (f) Given your answer to part (e), whenever a midshipman sends a packet destined for the webserver at 8.8.8.26 where will Router C forward their packet? Will the midshipman ever be able to reach the important website? No, Router C will direct all traffic to the evil instructor using interface eth1. (g) List and briefly describe two technical solutions that could be implemented on Router C to prevent the evil instructor from injecting false routing information. Solution #1, an MD5-hash of a shared secret key: in OSPF, routers can send the hash of a shared secret key along with their LSP to authenticate themselves with other routers. Solution #2, passive interfaces: once a network administrator sets up a passive interface on a router, the router will ignore all routing information being sent over that interface. (h) Who is responsible for implementing these security measures in a network? The network administrator is responsible for implementing these security measures. 3