DOC PREVIEW
NU MSIT 458 - MSIT 458 Homework 7

This preview shows page 1 out of 2 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 2 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 2 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

MSIT 458 Homework 7MSIT 458 Homework 7Notes: 1. To be done by each group.2. Please do not give a simple yes/no as results to some of the questions. Briefly explain why and how you obtain that result.1. Now suppose a new worm break out. The feature of the worm is:1) It targets the TCP 8008 or UDP port 40042) It contains the signature “03 0E FE CC A0” follow by “PASS : RECV” within the 20 bytes of the first one.3) The worm is coming from outside of our network (129.105.100.0/24).Add a firewall rule to block that worm. Suppose the firewall use this kind of rule format:Action Src port dest port flags commentallow/block IPsubnet, use * to refer any hostport number or * (refer any)IPsubnet, use * to refer any hostport number or * (refer any)flag can be TCP, UDPThe description of this ruleWrite firewall rules based on the above format to the Ditty worm traffic towards our network (129.105.100.0/24).Hint: assume that we do not have benign traffic on those services which the ditty worm rely on to propagate.2. In this question, we explore some applications and limitations of a packet filteringfirewall. For each of the question, briefly explain 1) can stateless firewall be configured to defend against the attack and how? 2) if not, what about stateful firewall ? 3) if neither can, what about application-level proxy?a. Can the firewall prevent an online password dictionary attack from theexternal network on the telnet port of an internal machine?b. Can the firewall prevent a user on the external network from opening awindow on an X server in the internal network? Recall that by default anX server listens for connections on port 6000c. Can the firewall block a virus embedded in an incoming email?d. Can the firewall be used to block users on the internal network frombrowsing a specific external IP address?e. Can the firewall prevent external users from exploiting a security bug in aPage 1 of 2CGI script on an internal web server (the web server is serving requestsfrom the Internet)?Page 2 of


View Full Document

NU MSIT 458 - MSIT 458 Homework 7

Documents in this Course
Snort

Snort

25 pages

Hacked

Hacked

23 pages

Hacked

Hacked

6 pages

Firewalls

Firewalls

52 pages

Load more
Download MSIT 458 Homework 7
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view MSIT 458 Homework 7 and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view MSIT 458 Homework 7 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?