ITIS 6167/8167 Midterm Review

ITIS 6167/8167 Final Review
A. ARP protocol and Security
a. What is the purpose of ARP protocol? Why do we need it?
b. What is the purpose of ARP Cache?
c. Why does the ARP cache have a lifetime? Why don't we keep the entries
forever?
d. What is a gratuitous ARP message? How does it work? What are the
purposes of the message?
e. Difference between ARP poisoning and promiscuous mode of Ethernet
f. Man-in-the-middle attack using ARP poisoning (why do we need to
disable the ICMP redirect function in the attacker?)
g. How to use ARP poisoning to escape IP address based authentication?
Under this condition, how can you maintain the normal responses of the
real web server?
B. IP protocol and security
a. The basics of the IP header
b. What is traceroute and how is the TTL field used to implement it?
c. Why do we need IP fragmentation
d. The procedure to fragment and to set the corresponding fields
e. Fragment of fragment
f. Where and how to reassemble the packets? How to handle a lost fragment?
g. Attacks on IP fragmentation: buffer overflow, DoS, how to use
fragmentation to penetrate firewall
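The following is an added worked example (not part of the course review sheet) for items c through f of section B. It assumes a 20-byte IP header with no options and models only the Identification, Fragment Offset and MF fields; the 3072-byte payload is constructed for the demonstration. It shows how offsets are counted in 8-byte units, how a fragment is fragmented again at a smaller-MTU hop, and why reassembly at the destination fails when one fragment is lost. The reassembler also rejects overlapping fragments, the conservative choice for a host or firewall.

```python
from dataclasses import dataclass
from typing import List, Optional

IP_HEADER_LEN = 20  # header without options; assumed for every fragment here


@dataclass
class Fragment:
    ident: int      # Identification: shared by every fragment of one datagram
    offset: int     # Fragment Offset field, counted in 8-byte units
    mf: bool        # More Fragments flag (DF is assumed clear, or we could not fragment)
    payload: bytes  # this fragment's slice of the original payload


def fragment(ident: int, payload: bytes, mtu: int,
             first_offset: int = 0, last_mf: bool = False) -> List[Fragment]:
    """Split a payload so that header + slice fits `mtu`.

    Every non-final slice is a multiple of 8 bytes because the offset field
    counts 8-byte units.  `first_offset` / `last_mf` allow a fragment to be
    fragmented again at a smaller-MTU hop: new offsets stay relative to the
    original datagram, and the final slice inherits the MF flag of the piece
    being split (only the true last piece of the datagram has MF = 0).
    """
    max_payload = (mtu - IP_HEADER_LEN) // 8 * 8
    if max_payload <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags = []
    pos = 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_payload]
        more = pos + len(chunk) < len(payload)
        frags.append(Fragment(ident, first_offset + pos // 8, more or last_mf, chunk))
        pos += len(chunk)
    return frags


def refragment(frag: Fragment, mtu: int) -> List[Fragment]:
    """Fragment of a fragment: a router on a smaller-MTU link splits it again."""
    return fragment(frag.ident, frag.payload, mtu, frag.offset, frag.mf)


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Reassemble at the destination host (routers never reassemble).

    Returns None when the set is incomplete (a real stack holds the buffer
    until a timer expires, then discards it and reports ICMP Time Exceeded,
    code 1) or when a fragment overlaps an earlier one; rejecting overlap
    keeps a firewall and the end host from seeing different payloads.
    """
    if len({f.ident for f in frags}) > 1:
        raise ValueError("mixing fragments of different datagrams")
    expected = 0           # next byte offset we need
    total = None           # datagram length, known once the MF=0 piece arrives
    buf = bytearray()
    for f in sorted(frags, key=lambda fr: fr.offset):
        if f.offset * 8 != expected:
            return None    # gap (missing fragment) or overlap
        buf += f.payload
        expected += len(f.payload)
        if not f.mf:
            total = expected
    if total is None or total != expected:
        return None        # final fragment missing, or data after the MF=0 piece
    return bytes(buf)


if __name__ == "__main__":
    data = bytes(range(256)) * 12          # constructed 3072-byte payload
    pieces = fragment(ident=0x1234, payload=data, mtu=1500)
    print([(p.offset, p.mf, len(p.payload)) for p in pieces])
    smaller = refragment(pieces[0], mtu=576) + pieces[1:]
    print(reassemble(smaller) == data)     # True: re-fragmented pieces still reassemble
    print(reassemble(smaller[1:]))         # None: one lost fragment, nothing is delivered
```

With a 1500-byte MTU the 3072-byte payload becomes slices of 1480, 1480 and 112 bytes at offsets 0, 185 and 370; re-fragmenting the first slice for a 576-byte link yields 552, 552 and 376 bytes at offsets 0, 69 and 138, all with MF set, and the destination still reassembles the whole datagram from the mixed set.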
C. ICMP and its security
a. Why do we not send ICMP error messages for errors caused by ICMP error
messages? Why are ICMP error messages sent only to the original source?
b. When host A pings host B, it usually sends out a series of packets. What
information can a computer use to match an ICMP echo reply to a specific
ICMP echo request so that it can measure the network delay?
c. How can we detect the MTU along a transmission path between two hosts?
d. How can ICMP source quench be used to conduct attacks that reduce the
quality of a connection?
e. What is a smurf attack using ICMP?
f. How to use ICMP redirect message to conduct winfreeze attack
D. UDP and its security
a. If the IP protocol already provides host to host connection, why do we
need the protocols at the higher layers?
b. How can we distinguish a UDP header without a checksum from one whose
checksum is equal to “0”?
c. What is a UDP ping-pong attack and how is it conducted?
d. What is a DoS attack on UDP and how is it conducted?
E. TCP
a. Does the TCP protocol assume the data to be structured or structure-free?
b. What is the difference between the URGENT and PUSH data in TCP?
Describe an example of each kind of situation.
c. The receiver can send back a receiver’s window size of “0”. What
mechanism has TCP adopted to avoid deadlock under this condition?
d. Understand the three-way handshake procedure of the TCP protocol
e. The slow start procedure of TCP to handle congestion
f. Silly window and the countermeasures from the sender and receiver’s
view
g. Why in TCP do we want the sender and receiver to choose random
numbers as the initial sequence number? Use an example to show how difficult
or easy it is for an attacker to guess the sequence number.
h. The receiver’s window size is too small when we have a very high speed
communication channel between two nodes. Please explain why this is
bad for the network bandwidth usage efficiency. And also describe the
mechanism that has been adopted to mitigate this situation.
i. Please explain the basic idea of SYN cache and SYN cookie to mitigate
the SYN flood attack over TCP.
j. Why is it essential for TCP to use random port numbers?
k. Attacks on TCP: blind connection reset, blind throughput reduction, and
blind performance degrading attack.
F. DNS and NMAP
a. How can you use the TCP ACK scan to identify whether or not a port is
filtered?
b. What is the IDLE scanning technique used in NMAP? How can it figure
out the status of a port on a target machine?
c. What is the FTP bounce scan? How can it be used to bypass dynamic
packet filtering?
d. Is a domain in DNS a geometric concept?
e. What are circular dependencies and glue records in DNS?
f. Recursive queries and iterative queries in DNS
g. The difference between a domain and a zone in DNS
h. DNS ID hacking procedure
i. DNS related and unrelated data attack
j. Understand how virtualization and memory sharing among virtual
machines allow attackers to conduct side channel attacks on other VMs.
G. Email safety
a. Traditionally, emails are delivered through multiple intermediate servers
instead of end-to-end (from sender to receiver directly). Please briefly
discuss the advantages of this approach. Why is this kind of “open relay”
no longer supported by most servers?
b. Please describe the major components in the format of an email message
and the functionality of each component. What is the difference between
the header in a mail message and the SMTP encapsulation?
c. In the email distribution list, what are the two methods to map a single list
name to a group of email addresses? How to prevent the formation of
email forwarding loops? What are the advantages of the local exploder
and remote exploder?
d. Please briefly describe the coding procedure of base64 and how it
enables various file formats to be sent through the email system.
Understand how the MIME standard allows an email to contain multiple
multimedia components. How does base64 handle files whose length
is not a multiple of three bytes?
e. The difference between the POP3 and IMAP protocols.
f. Key establishment to enforce the confidentiality and integrity of the
contents of emails.
g. How to use onion routing to achieve email anonymity?
h. How to use a proxy to achieve email anonymity?
i. What are the major factors that restrict the wide adoption of the PEM
protocol?
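The following is an added worked example (not part of the course review sheet) for item d of section G. It implements the base64 coding procedure by hand, with the padding rule for inputs whose length is not a multiple of three bytes, and cross-checks it against Python's standard `base64` module; the sample byte strings are constructed for the demonstration. This is the transformation that lets MIME carry arbitrary binary parts over a 7-bit text mail path.

```python
import base64  # standard library, used only to cross-check the hand-written version

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def b64encode(data: bytes) -> str:
    """Encode 3 bytes (24 bits) at a time into 4 six-bit characters.

    A final group of 1 or 2 bytes is zero-filled to 24 bits, only the
    characters that carry real bits are emitted (2 or 3), and '=' pads the
    group to four characters so the decoder knows how many bytes to drop.
    """
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        chars = [ALPHABET[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        keep = len(chunk) + 1        # 3 bytes -> 4 chars, 2 -> 3, 1 -> 2
        out.append("".join(chars[:keep]) + "=" * (4 - keep))
    return "".join(out)


def b64decode(text: str) -> bytes:
    """Reverse the procedure; '=' is only valid as one or two trailing characters."""
    if len(text) % 4:
        raise ValueError("base64 text length must be a multiple of 4")
    stripped = text.rstrip("=")
    pad = len(text) - len(stripped)
    if pad > 2 or "=" in stripped:
        raise ValueError("'=' may only appear as one or two trailing characters")
    out = bytearray()
    for i in range(0, len(text), 4):
        bits = 0
        for c in text[i:i + 4]:
            # ALPHABET.index raises ValueError on any character outside the alphabet
            bits = (bits << 6) | (0 if c == "=" else ALPHABET.index(c))
        out += bits.to_bytes(3, "big")
    return bytes(out[:len(out) - pad]) if pad else bytes(out)


def encoded_length(n: int) -> int:
    """Output size: every started group of 3 bytes costs 4 characters (~33% growth)."""
    return 4 * ((n + 2) // 3)


if __name__ == "__main__":
    # constructed samples: 1, 2 and 3 leftover bytes, then raw binary
    for sample in (b"M", b"Ma", b"Man", b"\x00\xff\x10\x80"):
        enc = b64encode(sample)
        assert enc == base64.b64encode(sample).decode("ascii")
        assert b64decode(enc) == sample
        print(f"{sample!r:22} -> {enc}")
```

The three short samples show the padding rule directly: "Man" encodes to "TWFu" with no padding, "Ma" to "TWE=" and "M" to "TQ==", so a receiver reading the trailing "=" characters knows to discard one or two zero-filled bytes after decoding.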
H. Fighting the spam emails
a. Please use an example to illustrate how the attacker can use the comment
lines in HTML to help spam emails avoid detection.
b. Please describe the trick of invisible ink to help the spam email avoid
detection.
c. Please describe the tricks of “catch a wave” and “the rake” to help the
spam email avoid detection.
d. Please explain the basic idea of the CRM 114 spam detector. If the sliding
window contains 6 words, how many order-preserving sub-phrases will be
generated? For what reasons do the authors use hash tables to label the
features of the phrases?
I. Anti-Phishing
a. Based on the “PhoolProof Phish prevention” paper, please explain why
compromising either the machine or the user’s mobile device alone will
not impact the safety of the approach.
J. Web security
a. Please fully understand the three examples that we explain in the class for
“how to shop for free on the Internet”. If we describe a similar situation,
you should be able to identify the vulnerability.
K. Remote software attestation
a. In the SWATT approach, the verification program will use randomly
generated contents to overwrite all unused data memory. What is the
purpose of this operation?
b. Traditionally, people think that if all contents in the program memory of a
computer are free of malicious programs, then you are safe. Please explain
how “return oriented attacks” compromise such an assumption.
L. Risk analysis and security standards
a. What are the three essential components of “risk analysis”?
b. During the risk analysis procedure, in addition to the security experts and
domain experts, why should we get the administrative personnel
(managers) involved?
c. Briefly describe the advantages and disadvantages of quantitative and
qualitative risk analysis.