1. Briefly explain the Ping of Death attack and its prevention mechanisms.
The Ping of Death (POD) attack uses the ping command to build an IP datagram
larger than 65535 bytes, fragmented into N pieces, with the aim of causing
inconsistencies during reassembly. When the destination reconstructs the original
packet, deficiencies in the implementation of its TCP/IP stack lead to errors that
can degrade or crash the attacked system.
Prevention:
- Control the size of fragmented IP data.
- Block ping: prevent others from pinging you at all. This could break some
things that rely on ping.
2. Very briefly explain (only an overview, without much detail) how IPv6 implements
security, including the security provided, and how it has been adapted to be used in IPv4.
3. Briefly explain what a Virtual Private Network (VPN) at network layer is and how it is
implemented. What relationship is there between IPSec and VPNs?
4. Briefly explain the TCP RST attack, including 1 of its 2 prevention mechanisms.
The attack is a DoS that terminates active connections. Segments with the RST bit
set are sent to a host. Because packets can arrive out of order, the TCP stack accepts
out-of-sequence packets as long as they are within a certain 'distance' or 'window'
from the most recent ACK sequence number. The established connections are
terminated at once.
- Verify that the sequence number of RST packets is either the next expected sequence
number, or the last acknowledged sequence number.
- For an RST attack to succeed, the attacker must guess an approximate sequence number,
which results in a flood of RST packets. Protection: detect RST floods and drop
consecutive RST packets for a certain penalty period.
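The two checks listed in this answer, sketched in Python next to the lenient in-window rule. This is an added example, not part of the original answer sheet: the `RstGuard` name, the threshold, interval and penalty values are assumptions, and the sequence numbers are constructed.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def in_window(seq, rcv_nxt, rcv_wnd):
    """Lenient rule from the answer: any in-window RST ends the connection."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


@dataclass
class RstGuard:  # hypothetical name; thresholds below are assumed values
    rcv_nxt: int            # next sequence number expected from the peer
    last_acked: int         # last sequence number acknowledged to the peer
    max_bad: int = 3        # rejected RSTs tolerated per interval
    interval: float = 1.0   # counting interval, seconds
    penalty: float = 5.0    # penalty period, seconds
    _bad: int = 0
    _start: float = 0.0
    _blocked_until: float = 0.0

    def on_rst(self, seq, now):
        """Classify one RST segment as 'reset', 'drop' or 'penalty'."""
        if now < self._blocked_until:
            return "penalty"            # flood detected earlier: drop every RST
        if seq % MOD in (self.rcv_nxt, self.last_acked):
            return "reset"              # exact match: honour the reset
        if now - self._start > self.interval:
            self._start, self._bad = now, 0
        self._bad += 1
        if self._bad >= self.max_bad:   # too many bad RSTs: start the penalty
            self._blocked_until, self._bad = now + self.penalty, 0
        return "drop"


def demo():
    """Constructed RSTs stepping through sequence space, 0.1 s apart."""
    rcv_nxt, wnd = 1_000_000, 65_535
    guesses = [900_000 + i * 60_000 for i in range(6)]
    lenient = [in_window(s, rcv_nxt, wnd) for s in guesses]
    guard = RstGuard(rcv_nxt=rcv_nxt, last_acked=999_000)
    strict = [guard.on_rst(s, i * 0.1) for i, s in enumerate(guesses)]
    late = guard.on_rst(rcv_nxt, 6.0)   # genuine RST after the penalty ends
    return lenient, strict, late


if __name__ == "__main__":
    print(demo())
```

Under the lenient rule one of the six constructed segments would tear the connection down; with the exact-match check none does, and the third rejected RST starts the penalty period.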
5. Taking into account the features and the main fields in the PDUs, briefly describe the
security provided by SSH.
6. Briefly explain the two Linux tools that provide firewall functionality.
- netfilter: a set of routines in the GNU/Linux operating system kernel that handle
data traffic, both inbound and outbound, that accesses the operating system or
applications.
- iptables: the name of the user-space tool with which the administrator can create NAT
and packet filtering rules.
7. Briefly explain what social engineering is. Briefly describe 2 types of social engineering
attacks.
8. Briefly explain the 3 main components of an Intrusion Detection System (IDS) and their
functionality.
- Sensors: Monitor the host and/or network to detect suspicious activity and send
information to analyzers.
- Analyzers/correlators: Analyze the information sent by the sensors and produce alerts
based on information from a database.
- Response units: Activate countermeasures, according to the alarms received, to stop or
prevent attacks (blocking connections, closing ports, blocking user accounts, etc.).
-----
9. Briefly explain the Replay attacks against Mobile IP and the basic prevention
mechanisms.
An attacker saves an old, valid Registration Request / Binding Update message from the
Mobile Node and resends it to the Home Agent.
The Home Agent will then forward packets to the old Care-of-address rather than the
newly allocated Care-of-address of the Mobile Node.
10. Briefly discuss the security requirements in Wireless Sensor Networks (WSN) vs Ad hoc
networks.
Bitcoin miners propose new blocks for the blockchain when they mine new Bitcoin.
Take several unverified transactions T,
plus the digest of the most recent block in the ledger D,
plus a random guess R,
and do the following SHA-256 calculation: sha-256(T, D, R) = digest
The miners keep guessing different values of R until they find a digest with the required
number of leading zeroes.
-----