Missing Solutions and Corrections:Problem 77a)Can be both stolen and replaced with with another exam7b)Cannot be replaced, but can be stolen. Private key only authenticates, it does not encrypt the exam and so does not provide confidentiality.7c)Cannot be stolen, but can be replaced. Only Dave can decrypt the exam, but anyone could pretend to be Srini and send a different exam.7d) This works7e)This works7f)Diffie-Hellman was not covered. But in case you were curious, http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchangePart DQuestion 9 is deadly tedious. Don't worry if you fall asleep halfway through.9A) (Dst,Final Label) = (B, 1)9B)Switch Tuples:(S1, 4, 2), (S3, 4, 1), (S2, 3, 1)(Dst,Final Label):(B, 19)9C)Switch Tuples:(S3, 2 , 1), (S3, 3, 2),(Dst, Final Label):(B, 15)11)There is a loop in the switch network, so that packet traverses it forever. This impedes validtrafficPart H15b) Correction: If B is sending data to C, C is not going to send an RTS, it will send a CTS. So the answer is D heard the CTS from CPart J18a) Just 10.0.0.3218b) Answer is E. Note that A and D would work, but would also block hosts in Sparky's Network19)INTERNAL – Sparky's AddressesEXTENAL – Addresses in the firewalled range.SRC IP/MASK Src Port Dst IP/Mask Dst Port ACK set ActionINTERNAL ANY EXTERNAL 80 EITHER ALLOWEXTERNAL 80 INTERNAL ANY YES ALLOWACK set means that the ACK bit in the packet is set.Note that in real TCP, the ACK bit is set on all packets except the initial SYN.20)Just spoof the source IP address on the packet. Using port 80 as your destination port may achieve some effect, but this won't help as much as you still won't be able to exploit the machines by connecting to them, as a packet with a SYN|ACK set will likely be dropped if its not the response to another
View Full Document