npns answer key 1

Upload: neeraj-singh

Post on 16-Oct-2014

DESCRIPTION

The study notes on computer networks based on the previous year question papers.

TRANSCRIPT

Page 1: NPNS Answer Key 1

• You can use http://windom.uccs.edu/~cs522/cgi-bin/routeMask.cgi to find the network address and netmask.

a. 135.46.63.10
Ans: The router checks the routing entries starting with the longest prefix (/23), 192.53.40.0/23. /23 means the network address is 23 bits and the corresponding network mask is 255.255.255.0. 135.45.63.10 & 255.255.254.0 = 135.45.62.0 != 192.53.40.0, therefore this entry does not match. The next longest prefix is /22. 135.45.63.10 & 255.255.252.0 = 135.45.60.0. It matches the 135.45.60.0/22 routing entry, therefore the packet will be routed out over Interface 1. With quick observation, we can skip the routing entry with 192.53.40.0/23, but the router cannot.

b. 135.46.57.14
Ans: 135.46.57.14 & 255.255.252.0 = 135.45.56.0. It matches the 135.45.56.0/22 routing entry and the packet will be routed out over Interface 0.

c. 135.46.52.2
Ans: This address is lower than 135.45.56.0/22. The default route will be used and the packet will be routed out over Router 2.

d. 192.53.40.7
Ans: 192.53.40.7 & 255.255.254.0 = 192.53.40.0. It matches the 192.53.40.0/23 routing entry and the packet will be routed out over Router 1.

e. 192.53.56.7
Ans: 192.53.56.7 & 255.255.254.0 = 192.53.56.0. The default route will be used and the packet will be routed out over Router 2.
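
The longest-prefix lookup worked through in answers a to e, as an added Python example that is not part of the original notes. The routing table is assembled from the entries the answers name; it assumes the two /22 entries carry the 135.46 prefix of the question addresses, and `build_table` and `lookup` are names chosen for this sketch.

```python
import ipaddress

# Routing table assembled from the entries the answers name. Assumption: the
# two /22 entries carry the 135.46 prefix of the question addresses.
ROUTES = [
    ("135.46.56.0/22", "Interface 0"),
    ("135.46.60.0/22", "Interface 1"),
    ("192.53.40.0/23", "Router 1"),
    ("0.0.0.0/0", "Router 2"),  # default route
]


def build_table(routes):
    """Parse the prefixes and order them longest prefix first."""
    table = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, destination):
    """Return (next_hop, matched_prefix, trace) for one destination address.

    trace lists every AND-and-compare step the router performed, as
    (prefix, destination & mask, matched).
    """
    addr = int(ipaddress.ip_address(destination))
    trace = []
    for network, hop in table:
        masked = addr & int(network.netmask)
        matched = masked == int(network.network_address)
        trace.append((str(network), str(ipaddress.ip_address(masked)), matched))
        if matched:
            return hop, str(network), trace
    raise LookupError(f"no route to {destination}")


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("135.46.63.10", "135.46.57.14", "135.46.52.2",
                "192.53.40.7", "192.53.56.7"):
        hop, prefix, trace = lookup(table, dst)
        print(f"{dst:<14} -> {hop} via {prefix}")
        for net, masked, matched in trace:
            result = "match" if matched else "no match"
            print(f"    & mask of {net:<15} = {masked:<13} {result}")
```

The trace shows why the router cannot skip the /23 entry: every candidate prefix is masked and compared in order until one matches.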

Problem

IGMP

• Internet Group Management Protocol (IGMP) is the protocol used to support multicasting. To use multicasting, a process on a host must be able to join and leave a group. A process is a user program that is using the network. Group access is identified by the group address and the interface (NIC). A host must keep track of the groups that at least one process belongs to and the number of processes that belong to the group. IGMP is defined in RFC 1112.

IGMP messages are used by multicast routers to track group memberships on each of their networks. IGMP uses these rules:

• The first time a process on a host joins a multicast group, the host will send an IGMP report. This means that every time the host needs to receive messages from a new group to support its processes, it will send a report.

• Multicast routers will send IGMP queries regularly to determine whether any hosts are running processes that belong to any groups. The group address of the query is set to 0, the TTL field is set to 1, and the destination IP address is 224.0.0.1, which is the all hosts group address, which addresses all the multicast capable routers and hosts on a network.

• A host sends one IGMP response for each group that contains one or more processes. The router expects one response from each host for each group that one or more of its processes require access to.

• A host does not send a report when its last process leaves a group (when the group access is no longer required by a process). The multicast router relies on query responses to update this information.

• IGMP is defined in RFC 1112. Hosts and routers use IGMP to support multicasting. Multicast routers must know which hosts belong to what group at any given point of time. The IGMP message is 8 bytes, consisting of:
– Bits 0 to 3 - IGMP version number
– Bits 4 to 7 - IGMP type. 1 is a query sent by a multicast router. 2 is a response sent by a host.
– Bits 8 to 15 - unused
– Bits 16 to 31 - Checksum
– The last 4 bytes - 32 bit group address which is the same as the class D IP address.

• IGMP messages are encapsulated in an IP datagram, which contains a time to live (TTL) field. The default is to set the TTL field to 1, which means the datagram will not leave its subnetwork. An application can increase the TTL field in a message to locate a server's distance in terms of hops.

Addresses from 224.0.0.0 to 224.0.0.255 are not forwarded by multicast routers since these addresses are intended for applications that do not need to communicate with other networks. Therefore these addresses can be used for group multicasting on private networks with no concern for addresses being used for multicasting on other networks.
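
The 8-byte message layout and the query/report rules above, as an added Python example that is not part of the original notes. It builds and validates messages with the standard Internet checksum; the function names and the `local_only` field are choices made for this sketch.

```python
import socket
import struct

IGMP_TYPES = {1: "query", 2: "report"}  # type values as listed above


def inet_checksum(data: bytes) -> int:
    """One's complement of the one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmp(msg_type: int, group: str, version: int = 1) -> bytes:
    """Build an 8-byte message: version/type, unused, checksum, group."""
    head = (version << 4) | msg_type
    addr = socket.inet_aton(group)
    csum = inet_checksum(struct.pack("!BBH4s", head, 0, 0, addr))
    return struct.pack("!BBH4s", head, 0, csum, addr)


def parse_igmp(msg: bytes) -> dict:
    """Decode and validate one message; raise ValueError if malformed."""
    if len(msg) != 8:
        raise ValueError("IGMP message must be exactly 8 bytes")
    head, _unused, csum, addr = struct.unpack("!BBH4s", msg)
    msg_type = head & 0x0F
    if msg_type not in IGMP_TYPES:
        raise ValueError(f"unknown IGMP type {msg_type}")
    if inet_checksum(msg) != 0:  # a valid message sums to zero
        raise ValueError("checksum mismatch")
    class_d = 224 <= addr[0] <= 239
    if msg_type == 2 and not class_d:
        raise ValueError("report must carry a class D group address")
    if msg_type == 1 and addr != b"\x00" * 4:
        raise ValueError("query must carry group address 0")
    return {
        "version": head >> 4,
        "type": IGMP_TYPES[msg_type],
        "checksum": csum,
        "group": socket.inet_ntoa(addr),
        # 224.0.0.0 to 224.0.0.255 is not forwarded by multicast routers
        "local_only": addr[:3] == b"\xe0\x00\x00",
    }
```

A monitoring tool can run captured IGMP payloads through `parse_igmp` and treat any `ValueError` as a malformed or tampered message.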

What is Kerberos?

• Network authentication protocol

• Developed at MIT in the mid 1980s

• Available as open source or in supported commercial software

Why Kerberos?

• Sending usernames and passwords in the clear jeopardizes the security of the network.

• Each time a password is sent in the clear, there is a chance for interception.

Firewall vs. Kerberos?

• Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within.

• Kerberos assumes that network connections (rather than servers and work stations) are the weak link in network security.

Design Requirements

• Interactions between hosts and clients should be encrypted.

• Must be convenient for users (or they won’t use it).

• Protect against intercepted credentials.

Cryptography Approach

• Private Key: Each party uses the same secret key to encode and decode messages.

• Uses a trusted third party which can vouch for the identity of both parties in a transaction. Security of third party is imperative.

How does Kerberos work?

• Instead of the client sending a password to the application server:
– Request a ticket from the authentication server
– Ticket and encrypted request sent to application server

• How to request tickets without repeatedly sending credentials?
– Ticket granting ticket (TGT)

How does Kerberos work?: Ticket Granting Tickets

How does Kerberos Work?: The Ticket Granting Service

How does Kerberos work?: The Application Server

Applications

• Authentication
• Authorization
• Confidentiality
• Within networks and small sets of networks

Weaknesses and Solutions

• Weakness: If TGT stolen, can be used to access network services.
– Solution: Only a problem until ticket expires in a few hours.

• Weakness: Subject to dictionary attack.
– Solution: Timestamps require hacker to guess in 5 minutes.

• Weakness: Very bad if Authentication Server compromised.
– Solution: Physical protection for the server.

The Competition: SSL

• SSL: Uses public key encryption.
– Kerberos: Uses private key encryption.

• SSL: Is certificate based (asynchronous).
– Kerberos: Relies on a trusted third party (synchronous).

• SSL: Ideal for the WWW.
– Kerberos: Ideal for networked environments.

• SSL: Key revocation requires Revocation Server to keep track of bad certificates.
– Kerberos: Key revocation can be accomplished by disabling a user at the Authentication Server.

• SSL: Certificates sit on a user's hard drive (even if they are encrypted) where they are subject to being cracked.
– Kerberos: Passwords reside in users' minds where they are usually not subject to secret attack.

• SSL: Uses patented material, so the service is not free. Netscape has a profit motive in wide acceptance of the standard.
– Kerberos: Kerberos has always been open source and freely available.

Limitation: Scalability

• Recent modifications attempt to address this problem

• Public key cryptography for Client Authentication and cross realm authentication

• Issues are not resolved

Example 1

What is the subnetwork address if the destination address is 200.45.34.56 and the subnet mask is 255.255.240.0?

Solution

11001000 00101101 00100010 00111000

11111111 11111111 11110000 00000000

11001000 00101101 00100000 00000000

The subnetwork address is 200.45.32.0.

Figure 5-6 Example 2

Examples:

1023873914.125606 fulton.ssh > spider.1145: P 3066603742:3066603806(64) ack 1646168027 win 17520 [tos 0x10]

Here is a breakdown:

• The black stuff is the time the packet came across our network card (not part of the packet)
• The dark blue stuff is the source & source port and destination & destination port of the communication taking place.
• The red stuff are TCP flags
• The olive stuff is the byte sequence/range
• The light blue stuff is the window size of bytes that the source (sender) is currently prepared to receive
• The green stuff is the TCP type of service

• S SYN synchronize sequence numbers
• F FIN sender is finished sending data
• R RST reset connection
• P PSH push data to receiving process as soon as possible
• . none of above four flags is on
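
A parser for the tcpdump line format broken down above, as an added Python example that is not part of the original notes. The first sample is the line from the notes and the second is constructed; the regular expression covers only the fields this breakdown names.

```python
import re

FLAG_NAMES = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH"}

SAMPLE = ("1023873914.125606 fulton.ssh > spider.1145: P "
          "3066603742:3066603806(64) ack 1646168027 win 17520 [tos 0x10]")
# Constructed sample: a bare acknowledgement, flag field "."
SAMPLE_ACK = "1023873914.200000 spider.1145 > fulton.ssh: . ack 3066603806 win 17520"

LINE_RE = re.compile(
    r"^(?P<sec>\d+)\.(?P<usec>\d+)\s+"                      # capture time
    r"(?P<src>\S+)\.(?P<sport>[^.\s]+)\s+>\s+"              # source.port
    r"(?P<dst>\S+)\.(?P<dport>[^.\s:]+):\s+"                # destination.port
    r"(?P<flags>[SFRP]+|\.)"                                # TCP flags
    r"(?:\s+(?P<first>\d+):(?P<last>\d+)\((?P<length>\d+)\))?"  # byte range
    r"(?:\s+ack\s+(?P<ack>\d+))?"
    r"(?:\s+win\s+(?P<win>\d+))?"
    r"(?:\s+\[tos\s+(?P<tos>0x[0-9a-fA-F]+)\])?\s*$"
)


def parse_line(line: str) -> dict:
    """Split one TCP line into its fields; raise ValueError if malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a TCP line in the expected format")
    f = m.groupdict()
    rec = {
        "time": (int(f["sec"]), int(f["usec"])),
        "src": (f["src"], f["sport"]),
        "dst": (f["dst"], f["dport"]),
        "flags": [FLAG_NAMES[c] for c in f["flags"] if c != "."],
        "ack": int(f["ack"]) if f["ack"] else None,
        "win": int(f["win"]) if f["win"] else None,
        "tos": int(f["tos"], 16) if f["tos"] else None,
        "seq": None,
    }
    if f["first"]:
        first, last, length = int(f["first"]), int(f["last"]), int(f["length"])
        # Sequence numbers wrap modulo 2**32, so compare the range that way.
        if (last - first) % 2**32 != length:
            raise ValueError("sequence range does not match length")
        rec["seq"] = (first, last, length)
    return rec
```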

1. What TCP header flags are being used?
S, P, F, ‘.’, ack

2. Which node initiates active open? Using which port?
“Y1.32790” host using port 23?

3. What options are used in the IP header?
“tos 0x08” i.e. Maximize throughput for FTP, “T” field set to 1

4. Which node initiates active close?
10.50.0.1

5. Which interface is being used?
Eth0 interface

Classless addressing

UDP

• TCP (Transmission Control Protocol) is the most commonly used protocol on the Internet. The reason for this is that TCP offers error correction. When the TCP protocol is used there is a "guaranteed delivery." This is due largely in part to a method called "flow control." Flow control determines when data needs to be re-sent, and stops the flow of data until previous packets are successfully transferred. This works because if a packet of data is sent, a collision may occur. When this happens, the client re-requests the packet from the server until the whole packet is complete and is identical to its original.

• UDP (User Datagram Protocol) is another commonly used protocol on the Internet. However, UDP is never used to send important data such as webpages, database information, etc; UDP is commonly used for streaming audio and video. Streaming media such as Windows Media audio files (.WMA), Real Player (.RM), and others use UDP because it offers speed! The reason UDP is faster than TCP is that there is no form of flow control or error correction. The data sent over the Internet is affected by collisions, and errors will be present. Remember that UDP is only concerned with speed. This is the main reason why streaming media is not high quality.

UDP Frame

• On the contrary, UDP has been implemented among some trojan horse viruses. Hackers develop scripts and trojans to run over UDP in order to mask their activities. UDP packets are also used in DoS (Denial of Service) attacks. It is important to know the difference between TCP port 80 and UDP port 80.

TFTP Message Format

• Unlike FTP, all communication in TFTP is accomplished in the form of discrete messages that follow a particular message format. The reason why TFTP and FTP are so different in this regard is the different transport protocols they use. FTP uses TCP, which allows data to be streamed a byte at a time; FTP also makes use of a dedicated channel for commands. TFTP runs on UDP, which uses a conventional “header/data” formatting scheme.

• The original TFTP standard defines five different types of messages:
– Read Request (RRQ)
– Write Request (WRQ)
– Data (DATA)
– Acknowledgment (ACK)
– Error (ERROR)

POP3 and IMAP4

• POP3 and IMAP4 are Internet protocols that let you retrieve e-mail from an e-mail server to your computer. POP3 and IMAP4 e-mail programs provide basic e-mail functionality. But, generally, POP3 and IMAP4 e-mail programs don't provide the rich e-mail and collaboration features that are provided by Outlook, Outlook Web App, and Outlook Voice Access

POP3 (Post Office Protocol version 3) vs. IMAP4 (Internet Message Access Protocol version 4)

• POP3 is the latest standard protocol designed to receive email messages from an email server. The majority of email service providers furnish POP3 by default and almost all email clients support POP3.

• POP3 is a client-server protocol, wherein your email messages are received and stored for you by your server. It deletes all the email messages soon after you download them. It is specifically designed to enable offline email processing.

• Unlike the IMAP4 protocol, POP3 cannot synchronize more than one folder and doesn’t provide any assistance for public folder access.

• IMAP4
– enables the users to view only the header part (containing the name of the sender and the subject) of their messages. Thus, IMAP4 allows you to download only those messages that you truly want to read.
– you can easily access your email messages even from multiple locations. IMAP4 email allows you to not only access, but also create more than one email folder on the email server.

SNMP PDU

Symmetric Key cryptography
