Complete the following questions in an MS Word Document in APA format. Double space
your work and use APA formatting (example, Arial-11-point or 12-point font using Times
New Roman). You must include both a separate cover and reference page.
1. Understand Access Control Protocols: The two basic forms of medium access
control protocols are CSMA/CD, which is found on star-wired bus local area
networks, and CSMA/CA, which is found on wireless local area networks. List the
differences and similarities of these two protocols. Why would two be needed?
Discuss why CSMA/CD would not be a good choice for a wireless network.
2. Price vs. Performance Scenario: Your Company is opening a new office and you
have been selected to be the IT person. Money is tight and everything (hardware
and software) must be newly provisioned. You will be deploying in an office with 100
people, including a demanding General Manager. There is a "good amount" of file
sharing within the office (which is what your boss said when you asked him that
question). Everyone wants fast Internet (no external application serving will be taking
place from the office), but there will be email.
You decide to utilize the six value chain activities to meet the needs of the
organization. Your first step is to research the differences in all components,
performance, and costs between 100-Mbps. LAN and 1000-Mbps LAN
configurations.
a. Include a table showing the performance and price difference.
b. Given the cost differences, which system would you recommend?
c. Will your choice affect the Internet speed of the users?
d. How would you deliver value and support the needs of the
organization? (Hint: the six value chain activities).
3. Understand the network design process: You create a brief report for the
organization and discuss at least two of the differences and similarities between a
physical network design and a virtual design. (Hint: think blueprint). You assess the
overall importance of design when it comes to building network infrastructure (Hint:
does the design accomplish its purpose?)./n4. Become an expert on switches: In your report: you include why switches are a
very important component in any network. You provide a technical description of the
internal operation of a basic switch. You include how and why is it different from a
hub? You include your opinion on which (switch or hub) is the better choice for the
network.
Directions for Submitting Your Assessment
Compose your assessment in a Microsoft® WordⓇ document including the screenshots and
save it as IT331 YourName_M3_Assessment
Fig: 1
Fig: 2
5. (P31,In modern packet-switched networks, including the Internet, the source host segments long, application layer messages (for example, an image or a music file) into smaller packets and sends the packets into the network. The receiver then reassembles the packets back into the original message. We refer to this process as message segmentation. The figure below illustrates the end-to-end transport of a message with and without message segmentation. Consider a message that is 8 * 106 bits long that is to be sent from source to destination in the figure. Suppose each link in the figure is 2 Mbps. Ignore propagation, queuing, and processing delays. (a) Consider sending the message from source to destination without message segmentation. How long does it take to move the message from the source host to the first packet switch? Keeping in mind that each switch uses store-and-forward packet switching, what is the total time to move the message from source host to destination host? Now suppose that the message is segmented into 800 packets, with each packet being 10,000 bits long. How long does it take to move the first packet from source host to the first switch? When the first packet is being sent from the first switch to the second switch, the second packet is being sent from the source host to the first switch. At what time will the second packet be fully received at the first switch? c) How long does it take to move the file from source host to destination host when message segmentation is used? Compare this result with your answer in part (a) and comment. ) In addition to reducing delay, what are reasons to use message segmentation? e) Discuss the drawbacks of message segmentation. In addition to reducing delay, what are reasons to use message segmentation? -Discuss the drawbacks of message segmentation.
. [10 points]Suppose a process in the Host C has a UDP socket with port number 6789. Suppose both Host A and Host B each send a UDP segment to Host C with destination port number 6789. Will both of these segments be directed to the same socket at Host C? If so, how will the process at Host C know that these two segments originated from two different hosts?
client, and there is no other traffic on this path. Assume each packet of size L bits, and both links have the samepropagation delay dprop- (a) What is the packet inter-arrival time at the destination? That is, how much time elapses from when the lastbit of the first packet arrives until the last bit of the second packet arrives? (b) Now assume that the second link is the bottleneck link (i.e., RcjRs). Is it possible that the second packetqueues at the input queue of the second link? Explain. Now suppose that the server sends the second packetT seconds after sending the first packet. How large must T be to ensure no queuing before the second link?Explain. Consider the figure (a) below. Assume that we know the bottleneck link along the path from the server to theclient is the first link with rate Rs bits/sec. Suppose we send a pair of packets back to back from the server to the
Let a denote the rate of packets arriving at a link in packets/sec, and let µ denote the links transmission rate in packets/sec. Based on the formula for the total delay (i.e., the queuing delay plus the transmission delay) derived in the previous problem, derive a formula for the total delay in terms of a and µ. Note that the link's transmission rate in packet/sec is R/L.
Consider the figure below. What are the source and destination port values in the segments flowing from the server back to the clients' processes? What are the IP addresses in the network-layer datagrams carrying the transport-layer segments? Suppose x, y, z are the IPs for A, Band C respectively.
2. [10 points]Consider Amazon e-commerce website that wants to keep purchase record for each of its customers. Describe IN YOUR OWN WORDS how this can be done wit cookies?
2. [20 points]Consider a VC network with a 2-bit field for the VC number. Suppose that the network wants to set up a virtual circuit over four links: link A, link B, link C and link D.Suppose that each of these lin ks is currently carrying two other virtual circuits, and theVC numbers of these other VCs are as follows: In answering the following questions, keep in mind that each of the existing VCs may only betraversing one of the four links. a. If each VC is required to use the same VC number on all links along its path, whatVC number could be assigned to the new VC? b. If each VC is permitted to have different VC numbers in the different links along its path (so the forwarding tables must perform VC number translation), how many different combinations of four VC numbers (one for each of the four links)could be used?
SEED Labs - Firewall Evasion Lab Firewall Evasion Lab Copyright © 2022 by Wenliang Du. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. If you remix, transform, or build upon the material, this copyright notice must be left intact, or reproduced in a way that is reasonable to the medium in which the work is being re-published. 1 Overview There are situations where firewalls are too restrictive, making it inconvenient for users. For example, many companies and schools enforce egress filtering, which blocks users inside of their networks from reaching out to certain websites or Internet services, such as game and social network sites. There are many ways to evade firewalls. A typical approach is to use the tunneling technique, which hides the real purposes of network traffic. There are a number of ways to establish tunnels. The two most common tunneling techniques are Virtual Private Network (VPN) and port forwarding. The goal of this lab is to help students gain hands-on experience on these two tunneling techniques. The lab covers the following topics: • Firewall evasion • VPN • Port forwarding • SSH tunneling Readings and videos. Detailed coverage of the tunneling technology and how to use it to evade firewalls can be found in the following: Chapter 9 of the SEED Book, Internet Security: A Hands-on Approach, 3rd Edition, by Wenliang Du. See details at https://www.handsonsecurity.net. Lab environment. This lab has been tested on our pre-built Ubuntu 20.04 VM, which can be downloaded from the SEED website. Since we use containers to set up the lab environment, this lab does not depend much on the SEED VM. You can do this lab using other VMs, physical machines, or VMs on the cloud. 2 Task 0: Get Familiar with the Lab Setup We will conduct a series of experiments in this chapter. These experiments need to use several computers in two separate networks. The experiment setup is depicted in Figure 1. We use docker containers for these machines. Readers can find the container setup file from the website of this lab. In this lab, the network 10.8.0.0/24 serves as an external network, while 192.168.20.0/24 serves as the internal network. The host 10.8.0.1 is not a container; this IP address is given to the host machine (i.e., the VM in our case). This machine is the gateway to the Internet. To reach the Internet from the hosts in both 192.168.20.0/24 and 10.8.0.0/24 networks, packets must be routed to 10.8.0.1. The routing has already been set up. SEED Labs - Firewall Evasion Lab 10.8.0.1 Internet A1 #ip -br address lo 10.8.0.5 ethl@if1907 eth0@if1909 B UP UP A2 UNKNOWN 10.8.0.0/24 10.8.0.6 A 192.168.20.99 10.8.0.99 192.168.20.0/24 Figure 1: Network setup Identify which services are running on each of the inside and outside hosts B1 192.168.20.5 Router configuration: setting up NAT. The following iptables command is included in the router configuration inside the docker-compose.yml file. This command sets up a NAT on the router for the traffic going out from its eth0 interface, except for the packets to 10.8.0.0/24. With this rule, for packets going out to the Internet, their source IP address will be replaced by the router's IP address 10.8.0.11. Packets going to 10.8.0.0/24 will not go through NAT. iptables -t nat -A POSTROUTING ! -d 10.8.0.0/24 -j MASQUERADE -o eth0 127.0.0.1/8 192.168.20.11/24 10.8.0.11/24 10.8.0.11 (eth0) In the above command, we assume that eth0 is the name assigned to the interface connecting the router to the 10.8.0.0/24 network. This is not guaranteed. The router has two Ethernet interfaces; when the router container is created, the name assigned to this interface might be eth1. You can find out the correct interface name using the following command. If the name is not eth0, you should make a change to the command above inside the docker-compose. yml file, and then restart the containers. Router (Firewall) // Ingress filtering: only allows SSH traffic iptables -A FORWARD -i eth0 -p tcp -m conntrack \ --ctstate ESTABLISHED, RELATED -j ACCEPT iptables -A FORWARD -i eth0 -p tcp --dport 22 -j ACCEPT iptables -A FORWARD -i eth0 -p tcp -j DROP 192.168.20.11 (eth1) // Egress filtering: block www.example.com iptables -A FORWARD -i eth1 -d 93.184.216.0/24 -j DROP B2 192.168.20.6 2 Router configuration: Firewall rules. We have also added the following firewall rules on the router. Please make sure that eth0 is the interface connected to the 10.8.0.0/24 network and that eth1 is the one connected to 192.168.20.0/24. If not, make changes accordingly. SEED Labs - Firewall Evasion Lab The first rule allows TCP packets to come in if they belong to an established or related connection. This is a stateful firewall rule. The second rule allows SSH, and the third rule drops all other TCP packets if they do not satisfy the first or the second rule. The fourth rule is an egress firewall rule, and it prevents the internal hosts from sending packets to 93.184.216.0/24, which is the network for www.example.com. Lab task. Please block two more websites and add the firewall rules to the setup files. The choice of websites is up to you. We will use them in one of the tasks. Keep in mind that most popular websites have multiple IP addresses that can change from time to time. After adding the rules, start the containers, and verify that all the ingress and egress firewall rules are working as expected. Block the following: www.miami.edu (has multiple addresses) and www.fpl.com 3 Task 1: Static Port Forwarding 3 The firewall in the lab setup prevents outside machines from connecting to any TCP server on the internal network, other than the SSH server. In this task, we would like to use static port forwarding to evade this restriction. More specifically, we will use ssh to create a static port forwarding tunnel between host A (on the external network) and host B (on the internal network), so whatever data received on A's port X will be sent to B, from where the data is forwarded to the target T's port Y. In the following command, we use ssh to create such a tunnel. you do not need the < and > in your command, these just indicate a field that you must fill in $ ssh -4NT -L <A's IP>:<A's port X>:<T's IP>:<T's port Y> <user id>@<B's IP> // -4: use IPv4 only, or we will see some error message. // -N: do not execute a remote command. // -T: disable pseudo-terminal allocation (save resources). run the command on A Regarding A's IP, typically we use 0.0.0.0, indicating that our port forwarding will listen to the connection from all the interfaces on A. If want to limit the connection from a particular interface, we should use that interface's IP address. For example, if we want to limit the connection to the loopback interface, so only the program on the local host can use this port forwarding, we can use 127.0.0.1:<port> or simply omit the IP address (the default IP address is 127.0.0.1). 4 Task 2: Dynamic Port Forwarding use 0.0.0.0 for A's ip address and 9000 for A's port number, the Target, T, is B1 so B1_address:telnet_port_number Lab task. Please use static port forwarding to create a tunnel between the external network and the internal network, so we can telnet into the server on B1. Please demonstrate that you can do such telnet from hosts A, A1 and A2. Moreover, please answer the following questions: (1) How many TCP connections are involved in this entire process. You should run wireshark or tcpdump to capture the network traffic, and then point out all the involved TCP connections from the captured traffic. (2) Why can this tunnel successfully help users evade the firewall rule specified in the lab setup? Draw a diagram of the connections and the tunnel between the machines In the static port forwarding, each port-forwarding tunnel forwards the data to a particular destination. If we want to forward data to multiple destinations, we need to set up multiple tunnels. For example, using port forwarding, we can successfully visit the blocked example.com website, but what if the firewall blocks many other sites, how do we avoid tediously establishing one SSH tunnel for each site? We can use dynamic port forwarding to solve this problem. In the lab setup, the router already blocks example.com, so hosts on the internal network cannot access the example.com website. Please add firewall rules to the router, so two more websites are blocked. Remember to shutdown the port forwarding between each task SEED Labs - Firewall Evasion Lab The choice of the websites is up to individual students. Please provide evidences to show that the websites are indeed blocked. Block the following: www.miami.edu (has multiple addresses) and www.fpl.com 4.1 Task 2.1: Setting Up Dynamic Port Forwarding We can use ssh to create a dynamic port-forwarding tunnel between B and A. We run the following com- mand on host B. In dynamic port forwarding, B is often called proxy. $ ssh -4NT -D <B's IP>:<B's port X> <user id>@<A's IP> Regarding B's IP, typically we use 0.0.0.0, indicating that our port forwarding will listen to the connection from all the interfaces on B. After the tunnel is set up, we can test it using the curl command. We specify a proxy option, so curl will send its HTTP request to the proxy B, which listens on port X. The proxy forwards the data received on this port to the other end of the tunnel (host A), from where the data will be further forwarded to the target website. The type of proxy is called SOCKS version 5, so that is why we specify socks5h. $ curl --proxy socks5h://<B's IP>:<B's port> <blocked URL> Lab task. Please demonstrate that you can visit all the blocked websites using curl from hosts B, B1, and B2 on the internal network. Please also answer the following questions: (1) Which computer establishes the actual connection with the intended web server? (2) How does this computer know which server it should Draw a diagram of the connections and the tunnel between the machines connect to? 4.2 Task 2.2: Testing the Tunnel Using Browser We can also test the tunnel using a real browser, instead of using curl. Although it is hard to run a browser inside a container, in the docker setup, by default, the host machine is always attached to any network created inside docker, and the first IP address on that network is assigned to the host machine. For example, in our setup, the host machine is the SEED VM; its IP address on the internal network 192.168.20.0/24 is 192.168.20.1. To use the dynamic port forwarding, we need to configure Firefox's proxy setting. To get to the setting page, we can type about:preferences in the URL field or click the Preference menu item. On the General page, find the "Network Settings" section, click the Settings button, and a window will pop up. Follow Figure 2 to set up the SOCKS proxy. Lab task. Once the proxy is configured, we can then browse any website. The requests and replies will go through the SSH tunnel. Since the host VM can reach the Internet directly, to make sure that our web browsing traffic has gone through the tunnel, you should do the following: (1) run tcpdump on the router/- firewall, and point out the traffic involved in the entire port forwarding process. (2) Break the SSH tunnel, and then try to browse a website. Describe your observation. Cleanup. After this task, please make sure to remove the proxy setting from Firefox by checking the "No proxy" option. Without a proper cleanup, future labs may be affected. SEED Labs - Firewall Evasion Lab Configure Proxy Access to the Internet No proxy Auto-detect proxy settings for this network Use system proxy settings Manual proxy configuration HTTP Proxy OOO HTTPS Proxy FTP Proxy req SOCKS Host <proxy's IP address> SOCKS v4 #!/bin/env python3 import socks Also use this proxy for FTP and HTTPS Connection Settings » B SOCKS V5 Figure 2: Configure the SOCKS Proxy s = socks.socksocket () s.set_proxy (socks.SOCKS5, "<proxy's IP>", <proxy's port>) s.connect (("<server's IP or hostname>", <server's port>)) print (response.split (b"\r\n") ) response s.recv (2048) Port Port Port 0 0 4.3 Task 2.3: Writing a SOCKS Client Using Python For port forwarding to work, we need to specify where the data should be forwarded to (the final destination). In the static case, this piece of information is provided when we set up the tunnel, i.e., it is hard-wired into the tunnel setup. In the dynamic case, the final destination is dynamic, not specified during the setup, so how can the proxy know where to forward the data? Applications using a dynamic port forwarding proxy must tell the proxy where to forward their data. This is done through an additional protocol between the application and the proxy. A common protocol for such a purpose is the SOCKS (Socket Secure) protocol, which becomes a de facto proxy standard. Since the application needs to interact with the proxy using the SOCKS protocol, the application soft- ware must have a native SOCKS support in order to use SOCKS proxies. Both Firefox and curl have such a support, but we cannot directly use this type of proxy for the telnet program, because it does not provide a native SOCKS support. In this task, we implement a very simple SOCKS client program using Python. 0 Port <port#> E hostname = "www.example.com" b"GET / HTTP/1.0\r\nHost: + hostname.encode('utf-8′) + b″\r\n\r\n" s.sendall (req) response = s.recv (2048) while response: this is what we discussed in class 5
3. Consider a Chord DHT-based system for which k bits of an m-bit identifier space have been reserved for assigning to superpeers. If identifiers are randomly assigned, how many super peers can one expect to have in an N-node system?
Consider sending a large file of F bits from Host A to Host B. There are three links (and two switches) between A and B, and the links are uncongested (that is, no queuing delays). Host A segments the file into segments of S bits each and adds 80 bits of header to each segment, forming packets of L=80 + S bits. Each link has a transmission rate of R bps. Find the value of S that minimizes the delay of moving the file from Host A to Host B. Disregard propagation delay.