Name and Surnames: _____________________________________ NIU: ____________

Advanced Networks and Security

Part 2 – Partial Exam
11 January 2017
Duration: 1 hour

1. Briefly explain 4 features of Mobile Ad-hoc Networks (MANET).

- a set of mobile hosts, each with a transceiver

- no base stations; no fixed network infrastructure; no centralized entity
- multi-hop communication
- needs a routing protocol which can handle changing topology
- Etc.

2. Briefly explain the 3 types, and subtypes when exist, of mobility described in DTN (Delay-
and Disruption-Tolerant Networks) and the type of nodes involved.

- Random Mobility: Data Mules: Collect data among nodes to be carried to the Base
Station. Uncontrolled movement of the agent
- Controlled Mobility: Message Ferry: Deliver messages between nodes
+ Ferry-Initiated: ferry moves to the node if necessary
+ Node-Initiated: node moves to the ferry route
- Predictable Mobility: Throwboxes: Strategically placed to increase contact opportunities
between mobile nodes

3. Summarize the 3 mechanisms that Service and Advertisement Protocols provide.

Service discovery protocols provide mechanisms for dynamically discovering available

services in a network and for providing the necessary information to:
- search and browse for services,
- choose the right service (with desired characteristics), and
- configure and utilize the service.

4. Briefly explain the Teardrop attack. Briefly explain the Ping of Death attack.

The Teardrop attack will attempt to make fraudulent use of IP fragmentation to confuse
the operating system in the reconstruction of the original datagram, and so collapse the
system. The goal of Teardrop is making the necessary changes in the position and length
fields to introduce inconsistencies when the reconstruction of the original datagram occur.
Thus, Teardrop and its direct variants will achieve the datagram to be overwritten and to
produce a buffer-overrun error when reassembled.

The Ping of Dead (POD) attack is based on the possibility of building, through the ping
command, an IP datagram exceeding 65535 bytes, fragmented into N pieces, with the
aim to lead to inconsistencies in the reassembly.

4
5. Briefly explain the TCP RST attack, including its 2 prevention mechanisms.

DoS and finishes active connections. Segments with the RST bit set are sent to a host.
As packets can arrive out of order, the TCP stack will accept packets out of sequence, as
long as they are within a certain 'distance' or 'window' from the most recent ACK seq
number. The established connections are finished at once.

- Verify that the sequence number of RST packets is either the next expected sequence
number, or the last acknowledged sequence number.
- For an RST attack to succeed, attacker must guess an approximate sequence number,
resulting in a flood of RST packets. Protection: detection of RST floods, and dropping of
consecutive RST packets for a certain penalty period.

6. Briefly explain the purpose and operation of the FIN SCAN attack.

- A type of scan whose usual aim is to perform network reconnaissance.

- Attacker sends a TCP packet with only the FIN flag set that tends to get past many
firewalls.
- Depending on the Operating system, the answer to the TCP packet may be different,
and tells the attacker several things, that allows the Attacker gets to learn a bit about the
victim OS.

7. Taking into account the layer at which they work, make a brief comparison of PGP
(application layer), SSL/TLS and IPSec security.

- PGP works at application layer, and provides security to specific messages between
applications (some messages may be secured and other not).
- SSL/TLS works at the transport layer, end to end. SSL/TLS operates between two hosts
that do not have to be on the same secure network. -> SSL provides “secure connection”
between two applications.
- IPsec provides security at a low level, directly protecting IP datagrams. IPsec allows to
create a secure network of computers from insecure channels such as Internet or
dedicated lines. -> while IPsec provides “secure communication” between two computers.

8. Briefly explain the DNS Poisoning attack.

- Maliciously created or unintended situation that provides data to a caching name server
that did not originate from authoritative Domain Name System (DNS) sources.

Once a DNS server has received such non-authentic data and caches it for future
performance increase, it is considered poisoned, supplying the non-authentic data to the
clients of the server.
Different information types may be poisoned
This technique can be used to direct users of a website to another site, by the attacker's
choosing.

-----

5
9. Briefly explain the 3 main components of an IDS and their functionality.

- Sensors: Monitor the host and/or network to detect suspicious activity and send
information to analyzers.
- Analyzers/correlators: Analyze the information sent by the sensors and produce alerts
based on information from a database.
- Response Units: According to the received alarms activate countermeasures to stop or
prevent attacks (block connections, closing ports, blocking user accounts, etc.).

10. Briefly explain what are Denial of Service (DoS) attacks against Mobile IP based on, and
the basic prevention mechanism.

- Most DoS attacks in Mobile IP are based on making a false registration in the Home
Agent: → All the traffic of a certain host would be sent to it, and it could send datagrams
in its name!!
- Solution: the specification describes the authentication information that will go in the
Registration Request. [Default algorithm: HMAC-MD5 (“Keyed MD5”); hash with
symmetrical key.] Data integrity+authentication. [Mobile Node & Home Agent negotiate
same secret key before registration]

11. Summarize 4 of the Store-Carry-Forward Security issues in DTN, and include their
solution

- Source: How do I keep my message private? - End-to-end encryption

- Source: How do I know to whom I should forward my message? - Hop-by-hop
authentication
-Carriers: Should I accept / keep this sender’s messages? - Publicly verifiable sender
identity
- Carriers: Should I accept / keep this previous hop’s messages? - Hop-by-hop
authentication
- Destination: How do I know who sent this message? Sender authentication

12. Briefly describe 4 different attacks to RFID.

- Eavesdropping: The RF signal for the wireless data transfer can be picked up with
antennas. Distance typically a small number of meters. Passive devices, much harder to
eavesdrop than active.
- Data modification: Easy to destroy data by using an RFID jammer. Much more difficult
to modify data so it appears to be valid to users.
- Relay attack: Adversary forwards request of reader to victim and relays back its answer
to reader in real time, to carry out a task pretending to be the owner of the victim's smart
card. Similar to a man-in-the-middle attack.
- Lost property: Losing the NFC RFID card or the mobile phone opens access to any
finder and acts as a single-factor authenticating entity. To defeat it, it requires more than
one physically independent authentication factor.
- Walk-off: Lawfully opened access to a secure NFC function or data is protected by time-
out closing after a period of inactivity.
- Tag Manufacture/Cloning; - Reader Impersonator; - Traffic Analysis; - Jamming

-----