Question 1
This assignment question requires that you analyse a packet
capture dump file (http_gzip.pcap) and
provide comments explaining each packet. This pcap file contains only ten
packets. Your task is to annotate each
packet commenting on the following characteristics.
· Comment on any significant TCP flags and what they mean in the context of the packet capture. Significant flags include SYN, FIN, RST, and URG. You must explain why the flag has been set and what it means for this TCP connection.
· Comment on the direction of each packet (i.e. client -> server or server -> client). Be clear in explaining in which direction the interaction is occurring.
· Comment on each command and response between the client and the server. You must explain what each command does. You should also explain the data that is exchanged. This will require that you study Internet documents (the RFCs) relating to TCP and HTTP to understand what the commands and responses mean.
You should also comment on the two port numbers used in this connection and their significance. For example, is it an ephemeral port or a well-known (reserved) port? If it is a well-known port, what protocol does it relate to?
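The three annotations above (flags, direction, port class) can be produced mechanically before you write them up by hand. The following is an added example and is not part of the assignment or of http_gzip.pcap: a standard-library-only dissector for classic pcap files carrying Ethernet/IPv4/TCP. The ten packets at the bottom are constructed in the code as a stand-in for the real capture; the addresses, ports, sequence numbers and HTTP payloads are assumptions, so the output is illustrative of the method rather than of the assignment file.

```python
"""Annotate TCP packets in a classic pcap: flags, direction, port class.
Added example (not the assignment's own material). The sample capture at the
bottom is constructed here; addresses, ports, sequence numbers and payloads
are assumptions standing in for http_gzip.pcap.
"""
import struct

FLAG_BITS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))
WELL_KNOWN = {21: "FTP", 25: "SMTP", 53: "DNS", 80: "HTTP", 143: "IMAP", 443: "HTTPS"}
FLAG_NOTES = {"FIN": "FIN: sender has no more data, begins orderly close",
              "RST": "RST: connection aborted without a graceful close",
              "URG": "URG: urgent pointer field is valid"}

def flag_names(flags):
    """Names of the set flag bits, in TCP header bit order."""
    return [name for bit, name in FLAG_BITS if flags & bit]

def port_class(port):
    """IANA ranges: 0-1023 well-known (reserved), 1024-49151 registered, rest ephemeral."""
    if port < 1024:
        return "well-known/reserved: " + WELL_KNOWN.get(port, "see IANA registry")
    return "registered" if port < 49152 else "ephemeral"

def pcap_records(data):
    """Yield raw frames from a classic (not pcapng) pcap byte string."""
    endian = "<" if struct.unpack("<I", data[:4])[0] in (0xA1B2C3D4, 0xA1B23C4D) else ">"
    off = 24                                      # global header is 24 bytes
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def parse_tcp(frame):
    """Ethernet II / IPv4 / TCP; returns None for anything else."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800 or frame[14 + 9] != 6:
        return None                               # not IPv4, or IP protocol is not 6 (TCP)
    ip = frame[14:]
    tcp = ip[(ip[0] & 0x0F) * 4:]                 # IHL gives the IP header length
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flag_names(off_flags & 0x3F), "payload": tcp[(off_flags >> 12) * 4:]}

def annotate(pcap_bytes):
    """One row per TCP packet; the first bare SYN identifies the client side."""
    client, rows = None, []
    for p in filter(None, map(parse_tcp, pcap_records(pcap_bytes))):
        f = p["flags"]
        if client is None and f == ["SYN"]:
            client = (p["src"], p["sport"])
        if client is None:
            direction = "unknown (no SYN seen yet)"
        else:
            direction = "client -> server" if (p["src"], p["sport"]) == client else "server -> client"
        notes = []
        if "SYN" in f:
            notes.append("SYN+ACK: server accepts (handshake step 2)" if "ACK" in f
                         else "SYN: client requests a new connection (handshake step 1)")
        notes += [FLAG_NOTES[x] for x in f if x in FLAG_NOTES]
        line = p["payload"].split(b"\r\n", 1)[0].decode("ascii", "replace")
        if line:                                  # first line of an HTTP request or status line
            notes.append(("HTTP response: " if line.startswith("HTTP/") else "HTTP request: ") + line)
        rows.append({"direction": direction, "flags": f,
                     "ports": "%d (%s) -> %d (%s)" % (p["sport"], port_class(p["sport"]),
                                                       p["dport"], port_class(p["dport"])),
                     "note": "; ".join(notes) or "ACK only: acknowledges data already received"})
    return rows

def _frame(src, dst, sport, dport, flags, seq, ack, payload=b""):
    """Ethernet II + IPv4 (checksum left 0) + 20-byte TCP header; constructed, not captured."""
    ip4 = lambda a: bytes(int(x) for x in a.split("."))
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, ip4(src), ip4(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    return eth + ip + tcp + payload

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(fr), len(fr)) + fr
    return out

C, S, CP, SP = "192.168.1.10", "203.0.113.80", 51234, 80       # assumed client and server
SYN, ACK, PSH, FIN = 0x02, 0x10, 0x08, 0x01
REQ = b"GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: gzip\r\n\r\n"
RSP = b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: 0\r\n\r\n"
SAMPLE_PCAP = _pcap([
    _frame(C, S, CP, SP, SYN, 1000, 0),                                 # 1 client opens
    _frame(S, C, SP, CP, SYN | ACK, 5000, 1001),                        # 2 server accepts
    _frame(C, S, CP, SP, ACK, 1001, 5001),                              # 3 handshake complete
    _frame(C, S, CP, SP, PSH | ACK, 1001, 5001, REQ),                   # 4 HTTP request
    _frame(S, C, SP, CP, ACK, 5001, 1001 + len(REQ)),                   # 5 request acknowledged
    _frame(S, C, SP, CP, PSH | ACK, 5001, 1001 + len(REQ), RSP),        # 6 HTTP response
    _frame(C, S, CP, SP, ACK, 1001 + len(REQ), 5001 + len(RSP)),        # 7 response acknowledged
    _frame(S, C, SP, CP, FIN | ACK, 5001 + len(RSP), 1001 + len(REQ)),  # 8 server closes
    _frame(C, S, CP, SP, FIN | ACK, 1001 + len(REQ), 5002 + len(RSP)),  # 9 client closes
    _frame(S, C, SP, CP, ACK, 5002 + len(RSP), 1002 + len(REQ)),        # 10 final ACK
])
```

Calling `annotate(SAMPLE_PCAP)` returns one row per packet; to run it over the real file, pass `open("http_gzip.pcap", "rb").read()` instead, provided the file is classic pcap rather than pcapng (Wireshark's default save format is pcapng, so export as pcap first). The direction rule is the one Wireshark applies too: whoever sends the first bare SYN is the client, and the port that side uses is the ephemeral one.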
On the following page is an example of the template to use to complete this question. It provides a brief summary of each packet and has been formatted to include an "explanation" field underneath each packet. You are to write your comments in this "explanation" field addressing the packet immediately above, based on your analysis of the packet using Wireshark. Be specific and detailed. Any vague or limited responses will not attract any marks. Note that the table is only a summary of the information provided in the pcap file. Be sure to comment in relation to the information provided in the pcap file as shown by Wireshark, not just the summary table.
For examples of how to complete the table, be sure to have completed all 3 parts of the Packet Capture Exercises. They are available from the Lectures and Tutorials page of the course website. Your solution must of course be in your own words. Do not copy directly from any examples or you will get zero marks.
Question 2:
A small company is connected to the internet via a Router
with firewall and proxy services installed (139.77.5.210).
There are three servers located in a DMZ (138.77.5.0/25).
The web server (138.77.5.89) can directly accept requests
(HTTP or HTTPS) from the Internet or from the internal network (192.168.1.0/25).
The DNS server (138.77.5.6) can directly accept requests
from the Internet. The DNS server can also directly accept requests from the
internal network (192.168.1.0/25). However, if the DNS server cannot resolve a
domain name requested by the internal network (192.168.1.0/25), it will contact
the DNS servers on the Internet directly for the name resolution.
On behalf of the users on the internal network (192.168.1.0/25), the email server (138.77.5.110) sends emails to and receives emails from the Internet. The users on the internal network (192.168.1.0/25) use IMAP (Internet Message Access Protocol) to read and organise their emails on the email server.
The users on the internal network (192.168.1.0/25) are allowed to access the Internet only for HTTP, HTTPS and FTP services. However, the users of the internal network are never allowed to connect to the Internet directly; all such access must pass through the proxy services on the router.
There are 8 client computers and a Database server on the
internal network.
Based on the above network configuration and application scenarios, answer the following questions.
A. Draw a network diagram of this network including IP addresses.
B. The firewall services are installed on the router. Create the firewall rules to implement the packet filtering and only allow the specified traffic. The firewall rules are to be created in the following format.
C. Briefly explain each rule in the rule base that you have created.
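One way to build and check a rule base for this scenario before committing it to a router, as an added example that is not part of the assignment: the policy in the brief expressed as an ordered, first-match rule list with a final cleanup deny, plus a small evaluator run over constructed sample packets. The rule format is my own, since the brief's template is not reproduced here. Assumptions: the firewall is stateful, so return traffic of an allowed connection is admitted by connection state and no reverse rules are listed; the proxy listens on the router's own address, so the only Internet-bound web/FTP connections come from the router itself; IMAP is plain IMAP on port 143; the Internet-side sample addresses are documentation ranges.

```python
"""Added example, not part of the assignment: Question 2's filtering policy as an
ordered rule base with a first-match evaluator and constructed test packets.
Assumes a stateful firewall (no reverse rules), a proxy on the router address,
IMAP on 143, and a rule format of my own.
"""
from ipaddress import ip_address, ip_network, IPv4Network

DMZ, INTERNAL = ip_network("138.77.5.0/25"), ip_network("192.168.1.0/25")
ROUTER = ip_address("139.77.5.210")               # firewall and proxy, as given in the brief
WEB, DNS, MAIL = (ip_address(a) for a in ("138.77.5.89", "138.77.5.6", "138.77.5.110"))

def on_internet(ip):
    """'Internet' means any address that is not ours: not DMZ, not internal LAN, not router."""
    return ip not in DMZ and ip not in INTERNAL and ip != ROUTER

def addr_match(spec, ip):
    if spec == "any":
        return True
    if spec == "internet":
        return on_internet(ip)
    return ip in spec if isinstance(spec, IPv4Network) else ip == spec

# (rule no., action, source, destination, protocol, destination ports, explanation)
RULES = [
    (1, "allow", "any", WEB, "tcp", {80, 443}, "web server reachable from Internet and LAN"),
    (2, "allow", "any", DNS, "udp", {53}, "DNS queries from Internet and LAN"),
    (3, "allow", "any", DNS, "tcp", {53}, "DNS over TCP (large answers)"),
    (4, "allow", DNS, "internet", "udp", {53}, "DNS server forwards names it cannot resolve"),
    (5, "allow", DNS, "internet", "tcp", {53}, "same forwarding, over TCP"),
    (6, "allow", "internet", MAIL, "tcp", {25}, "inbound SMTP from other mail servers"),
    (7, "allow", MAIL, "internet", "tcp", {25}, "outbound SMTP on behalf of users"),
    (8, "allow", INTERNAL, MAIL, "tcp", {143}, "users read and organise mail with IMAP"),
    (9, "allow", INTERNAL, ROUTER, "tcp", {80, 443, 21}, "users reach the proxy, nothing else"),
    (10, "allow", ROUTER, "internet", "tcp", {80, 443, 21}, "proxy fetches on the users' behalf"),
    (11, "deny", "any", "any", "any", None, "cleanup rule: everything else is dropped"),
]

def filter_packet(src, dst, proto, dport):
    """First matching rule wins; returns (rule number, action, explanation)."""
    src, dst = ip_address(src), ip_address(dst)
    for num, action, s, d, p, ports, why in RULES:
        if (addr_match(s, src) and addr_match(d, dst) and p in (proto, "any")
                and (ports is None or dport in ports)):
            return num, action, why
    raise AssertionError("rule base has no cleanup rule")   # unreachable while rule 11 is last

def check_policy():
    """Constructed sample packets paired with the decision the brief requires."""
    cases = [
        ("198.51.100.7", "138.77.5.89", "tcp", 443, "allow"),   # Internet -> web server HTTPS
        ("192.168.1.20", "138.77.5.89", "tcp", 80, "allow"),    # LAN -> web server HTTP
        ("192.168.1.20", "138.77.5.6", "udp", 53, "allow"),     # LAN -> DNS server
        ("138.77.5.6", "198.51.100.53", "udp", 53, "allow"),    # DNS server -> Internet resolver
        ("198.51.100.25", "138.77.5.110", "tcp", 25, "allow"),  # inbound SMTP
        ("192.168.1.20", "138.77.5.110", "tcp", 143, "allow"),  # LAN -> IMAP
        ("192.168.1.20", "139.77.5.210", "tcp", 443, "allow"),  # LAN -> proxy
        ("139.77.5.210", "198.51.100.7", "tcp", 21, "allow"),   # proxy -> Internet FTP
        ("192.168.1.20", "198.51.100.7", "tcp", 80, "deny"),    # LAN directly to Internet: forbidden
        ("198.51.100.7", "192.168.1.30", "tcp", 1433, "deny"),  # Internet -> database server
        ("198.51.100.7", "138.77.5.110", "tcp", 143, "deny"),   # IMAP from the Internet
    ]
    return [(c[:4], filter_packet(*c[:4]), c[4]) for c in cases]
```

Two caveats a practitioner would add when explaining the rules: rule order matters (an "any" rule placed before a more specific deny would swallow it, which is why the cleanup deny is last), and FTP is not a single port; the data connection uses a separate, negotiated port, so on a real router the proxy or a stateful FTP helper has to handle it, and rule 10 alone only covers the control channel on 21.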
D. The proxy services are also installed on the router to conceal the users of the internal network (192.168.1.0/25) from the Internet. Suppose that users on the internal computers send the following requests to the Internet. The proxy services perform Port Address Translation (PAT). Complete the following connection table to show how PAT is working for requests from the users on the internal network.
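The connection table in the brief is not reproduced here, so the following is an added example of the mechanism the table records, not the assignment's own answer: a PAT table that rewrites every outbound internal connection to the router's public address and a unique translated port, maps replies back by that port, and drops anything unsolicited. The internal hosts, source ports and destinations are constructed; the router address is the one given in the brief.

```python
"""Added example, not part of the assignment: a Port Address Translation table
for the proxy/NAT on the router. Internal hosts, ports and requests below are
constructed; the public address is the router's address from the brief.
"""
PUBLIC_IP = "139.77.5.210"                       # router's Internet-facing address

class PatTable:
    def __init__(self, public_ip=PUBLIC_IP, first_port=49152, last_port=65535):
        self.public_ip = public_ip
        self.next_port, self.last_port = first_port, last_port
        self.outbound = {}   # (src ip, src port, dst ip, dst port, proto) -> public port
        self.inbound = {}    # (public port, dst ip, dst port, proto) -> (src ip, src port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite an internal source to (public ip, public port); the same flow keeps its mapping."""
        key = (src_ip, src_port, dst_ip, dst_port, proto)
        if key not in self.outbound:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")   # the failure mode to size for
            self.outbound[key] = self.next_port
            self.inbound[(self.next_port, dst_ip, dst_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return self.public_ip, self.outbound[key]

    def translate_in(self, public_port, remote_ip, remote_port, proto="tcp"):
        """Map a reply back to the internal host; None means unsolicited, so the router drops it."""
        return self.inbound.get((public_port, remote_ip, remote_port, proto))

    def rows(self):
        """Connection table: internal ip, internal port, public ip, public port, dst ip, dst port, proto."""
        return [(k[0], k[1], self.public_ip, port, k[2], k[3], k[4])
                for k, port in sorted(self.outbound.items(), key=lambda kv: kv[1])]

def demo_table():
    """Constructed requests from three internal users; two reuse the same source port."""
    pat = PatTable()
    requests = [
        ("192.168.1.10", 3456, "198.51.100.7", 80, "tcp"),     # HTTP
        ("192.168.1.11", 3456, "198.51.100.7", 80, "tcp"),     # same src port, different host
        ("192.168.1.12", 5120, "203.0.113.9", 443, "tcp"),     # HTTPS
        ("192.168.1.10", 3457, "203.0.113.21", 21, "tcp"),     # FTP control channel
        ("192.168.1.10", 3456, "198.51.100.7", 80, "tcp"),     # retransmission: same mapping
    ]
    for r in requests:
        pat.translate_out(*r)
    return pat
```

The point the table is meant to show is that the remote server only ever sees 139.77.5.210 and a translated port, and that two internal hosts using the same source port (3456 above) are kept apart by the translated port alone. Reverse translation is keyed on the remote endpoint as well as the public port, which is what makes a packet arriving from an unexpected host to a mapped port fail the lookup.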
Question 3:
Although the course textbook and other resources discuss
several specific network attack vulnerabilities, it is not feasible to cover
all of them. New vulnerabilities are being discovered all of the time, and
there are hundreds of currently known vulnerabilities. Professional network
administrators have to keep themselves current with all possible threat
possibilities. One way of doing this is by performing personal research. In
this case study, you should use the Internet to assist you in developing
responses to the three questions. Use of
the course textbook and supplied resources only is not sufficient to award full
marks. You should use your research skills and go beyond these resources.
You are required to answer the following questions.
a) You are to research a recent ransomware attack carried out via the Internet. What type of attack has been performed by the attackers? You need to fully justify your answer, not just state the type of attack.
b) Describe how the attack may have occurred with sufficient information to explain how an attacker could carry out the attack. Ensure you include references.
c) How could the network administrator prevent such attacks? You don't need to provide the actual code; just describe what measures they would have to implement to ensure that the occurrence of such an attack could be minimised.