CS 118 Spring 2011 : Homework 3Problem 1DNS servers also allow reverse lookup; given an IP address, they can provide the corresponding hostname.The process is as follows: given the address 128.112.169.4, the octets are placed in opposite order in a textstring 4.169.112.128.in-addr.arpa and looked up using DNS PTR resource records. PTR records are alsoserved by a distributed hierarchy of DNS servers analogous to that of the normal DNS hierarchy. Supposeyou want to authenticate the sender of a packet by lookup up its hostname, and assume that the source IPaddress in the packet is genuine. Explain the insecurity in converting the source address to a name usingreverse DNS. (Hint: Whose DNS servers would you trust?)The lookup method here requires trusting of the remote site’s DNS PTR data, which may not be trust-worthy. Suppose, for example, that it is known that cicada.cs.princeton.edu trusts gnat.cs.princeton.edu. Arequest for authentication might arrive at cicada from, say, IP address 147.126.1.15, which is not part ofthe princeton.edu domain. If cicada followed the strategy of the exercise here, it would look up the string15.1.126.147.in-addr.arpa in the DNS PTR data. This query would eventually reach the DNS server for PTRzone 1.126.147.in-addr.ar pa, which if malicious might well return the string gnat.cs.princeton.edu regardlessof the fact that it had no connection with princeton.edu. Hostname strings returned by DNS servers forPTR searches are arbitrary, and need not be related to the server’s assigned domain name.The main point here is that the current DNS system does not provide any mechanism to verify the integrityof the mapping data (ie. RRs).Problem 2Suppose Client A initiates a Telnet session with Server S. At about the same time, Client B also initiates aTelnet session with Server S. Provide possible source and destination port numbers carried in the segmentsfor: (Hint: the answers for (c) and (d) depend on your answers for (a) and (b))a. The segments sent from A to S.b. The segments sent from B to S.c. The segments sent from S to A.d. The segments sent from S to B.e. If A and B are different hosts, is it possible that the source port number in the segments from A to Sis the same as that from B to S?f. How about if they are the same host?source port numbers destination port numbersa) A → S (any free port, let’s say I) 23b) B → S (any free port, let’s say J) 23c) S → A 23 Id) S → B 23 Je) Yes.f) No.Page 1 of 2CS 118 Spring 2011 : Homework 3Problem 3UDP and TCP use 1s complement for their checksums. Suppose you have the following three 8-bit bytes:01010101, 01110000, 01001100.a. What is the 1s complement of the sum of these 8-bit bytes? (Note that although UDP and TCPuse 16-bit words in computing the checksum, for this problem, you are being asked to consider 8-bitsummands.) Show all work.b. UDP takes the 1s complement of the sum. In this scheme, how does the receiver detect errors?c. What if we just use the sum as the checksum? In this scheme, how does the receiver detect errors?d. Is it possible that a 1-bit error will go undetected? How about a two-bit error?a)0 1 0 1 0 1 0 1+ 0 1 1 1 0 0 0 01 1 0 0 0 1 0 11 1 0 0 0 1 0 1+ 0 1 0 0 1 1 0 00 0 0 1 0 0 1 0 (end-bit carried around)One’s complement = 1 1 1 0 1 1 0 1b) The 1s complement of the sum is used for the easier detection at the receiver side; To detect er-rors, the receiver simply adds the four words (the three original words and the checksum). If the sumcontains a zero, the receiver knows there has been an error.c) The receiver adds the three original words, and then subtract the checksum. If the result is not zero, thereceiver knows there has been an error.d) All one-bit errors will be detected, but two-bit errors can be undetected (e.g., if the last digit of the firstword is converted to a 0 and the last digit of the second word is converted to a 1).Page 2 of
View Full Document
Unlocking...