12.6 Resources

Important Terms Introduced

  • amplification attack

  • authentication server

  • cable modem

  • direct authentication

  • distributed database

  • domain name

  • domain name resolver

  • domain registrar

  • end-to-end principle

  • firewall

  • flow control

  • indirect authentication

  • Kerberos

  • local authentication

  • nslookup

  • offline authentication

  • OpenID

  • packet filtering

  • proxy

  • three-way handshake

  • ticket

  • whois

Abbreviations Introduced

  • DNS—domain name system

  • DNSSEC—DNS Security Extensions

  • DSL—digital subscriber line

  • FIN—Finish TCP flag

  • ICANN—Internet Corporation for Assigned Names and Numbers

  • ICMP—Internet Control Message Protocol

  • NIS—Network Information System

  • RADIUS—Remote Authentication Dial-In User Service

  • SEQ—sequence number

  • SYN—synchronize TCP flag

  • TLD—top-level domain

  • UDP—User Datagram Protocol

  • UPnP—Universal Plug and Play

  • WINS—Windows Internet Name Service

  • www—World Wide Web

12.6.1 Review Questions

  R1. Briefly explain the end-to-end principle.

  R2. Why are there two separate, standard internet transport protocols: TCP and UDP? How are they similar? How are they different?

  R3. Briefly explain how TCP establishes a connection.

  R4. What mechanisms does TCP use to provide acknowledgments and flow control?

  R5. Why do some websites block “ping” requests? Explain whether websites still need to do this.

  R6. Identify and briefly explain two or more denial-of-service attacks that exploit TCP/IP protocols.

  R7. Identify and briefly explain two or more attacks on TCP/IP that may route packets to the wrong hosts.

  R8. Briefly explain the structure and components of a three-part domain name, like www.amawig.com.

  R9. Explain how DNS looks up a domain name using redirection.

  R10. Summarize basic attacks on DNS.

  R11. Describe how a gateway converts a private IP address into a global IP address using NAT.

  R12. What features does a simple, low-cost network gateway provide to protect a small local network from attack?

  R13. Why does a typical low-cost network gateway need to provide special mechanisms to handle inbound connections? Why doesn’t it simply forward the packets to the chosen host address?

  R14. Identify and describe the four different approaches (“design patterns”) for authentication.

  R15. Explain the difference between ticket-based and service-based authentication.

12.6.2 Exercises

Note: For some problems, your instructor will provide a Wireshark packet capture file that shows a computer starting up and opening a connection to a web page. You will use that packet capture file in exercises marked “Wireshark.”

  E1. Write two paragraphs describing the circumstances surrounding a documented attack that took advantage of a TCP/IP protocol weakness. The first paragraph should identify who was attacked, where it took place, and when. The second paragraph briefly describes the protocol weakness used in the attack.

  E2. (Wireshark.) Locate a series of packets that establish a TCP connection.

    a. Which packets perform the three-way handshake? Identify them by packet number.

    b. Identify the connection’s source and destination port numbers. Identify the application associated with this connection.

    c. Identify a packet, by number, that “acks” data transmitted on this connection. What is the ACK number provided in that packet?

    d. Identify the packet, by number, that sent some of the data “acked” by the packet in the previous question. What is the SEQ number provided in that packet? How many bytes of data were carried in that packet?

  E3. Use “nslookup” or “dnslookup” to look up domain information.

    a. Select a domain name associated with your school or work.

    b. Use the appropriate keyboard command to look up the domain’s IP address. Include the command’s output as an answer to this question.

    c. What is the numerical IP address associated with this domain name?

  E4. This question explores domain registration.

    a. Construct a legally formatted domain name that has not been registered. What domain name did you choose?

    b. Visit a registrar and confirm that the name has not been registered and is available for sale. Print out the information and offer for sale from the domain registrar.

    c. How much does it cost to register the domain name you chose?

  E5. Select an existing domain name. Look up the owner’s “whois” record. Print out the “whois” record. Highlight or otherwise indicate the name and address to contact about this domain.

  E6. We wish to configure our gateway’s NAT to assign addresses in the block 10.23.44.x. We want all host addresses on the LAN, including the gateway, to be in the range of 100–150. Identify the fields in Figure 12.17 that must be filled in to achieve this and what values should be filled in to those fields.

  E7. (Wireshark.) Find a DNS Response packet. Be sure that it provides an IP address answer to an earlier DNS Query before answering this question.

    a. What is the packet number of this DNS response packet?

    b. What UDP source and destination port numbers appear in this response packet?

    c. What domain name does this packet provide an answer about?

    d. What IP address is provided as an answer?

    e. What is the packet number of the corresponding DNS query?

    f. What UDP source and destination port numbers appear in the query packet?

  E8. FIGURE 12.26 displays a network of hubs, switches, and gateways. When answering the questions, keep in mind the protocol layers provided by these devices. Also, keep in mind how a NAT gateway handles private and global addresses.

    a. Assuming that we only have MAC addresses for hosts A through D, which can reach which? Fill the answers into a reachability matrix. Put a check mark if the host can reach the destination. See Table 11.2 for an example.

    b. Assuming that we have IP addresses for hosts A through D, which can send an unsolicited packet to which? Fill the answers into a reachability matrix.

  E9. Kevin is at a computer behind a NAT gateway. The computer’s IP address is 192.168.1.100. He opens a TCP connection to a web server at einsec.com. Use the standard port number and socket address definition described in Section 11.3.

    a. Using the IP address for einsec.com looked up in Section 12.3.2 and the source port number of 44366, give the full socket address for the connection to the web server.

    b. How does a NAT gateway choose a port number for an outgoing packet? Use that technique to choose a port number for this packet.

    c. Assume that the NAT gateway has a global IP address of 11.22.33.44. Using the NAT port number chosen in (b), give the full socket address as seen by the server.

  E10. Alice is at a computer behind a NAT gateway that has the private IP address 10.23.44.55. The gateway has the first IP address in the range; she has the fifty-fifth. She opens a connection to a file transfer server at 74.125.224.80.

    a. Choose a five-digit source port number to be used by Alice’s protocol stack.

    b. Given the port number chosen for Alice’s protocol stack above, give the full socket address as seen on the private side of the gateway. The destination port is the customary port for setting up a file transfer, as given in Section 11.3.

    c. Choose another five-digit port number to be assigned by the NAT to this connection.

    d. Assume that the NAT gateway has a global IP address of 11.22.33.44. Using the NAT port number chosen above, give the full socket address as seen on the internet side of the gateway.

  E11. The Internet Assigned Numbers Authority has a web server at whois.iana.org that hosts a “whois” service to retrieve information about generic top-level domains, like .com or .mil, or country-specific domains like .us or .ca.

    a. Look up a generic top-level domain. Provide the text output.

    b. Look up a country-specific domain for a foreign country. Provide the text output of the WHOIS record or IANA delegation record.

  E12. What authentication pattern is used in your organization when using its computers?

FIGURE 12.26 Reachability problem.

*Refer to Table 12.1 for abbreviations for common top-level domains.
