Guide to Firewalls and Network Security
Chapter 4 Solutions
Review Questions
1.   True or false: Application proxies do packet filtering, not just routers.
     Answer: True

2.   What’s the primary difference between the way routers treat packets and the way application proxies
     handle packets?
     Answer: C

3.   How do content-based filtering programs decide whether or not to allow packets into the protected
     network?
     Answer: D

4.   Which of the following parts of a packet header can potentially be used to attack a network?
     Answer: D

5.   What tells a firewall how to reassemble a data stream that has been divided into packets?
     Answer: B

6.   Why is it important to be familiar with the fields in an IP packet header?
     Answer: Packet filtering works by examining the header fields. Knowing which fields can be filled by
     a hacker with false information can help you set up packet filtering rules to block unauthorized traffic.

7.   What does stateful packet filtering do that stateless packet filtering does not do?
     Answer: It examines the state of communications between source and destination computers and only
     allows traffic to flow through the filter if a connection has successfully been established.

8.   Which of the following is a function of an IP packet footer? (Choose all that apply.)
     Answer: A, C

9.   While it’s true that stateless packet filters aren’t as sophisticated as stateful ones, they are useful in a
     particular situation. What is it?
     Answer: C

10. Which of the following is information that a hacker can insert into a TCP header and that can fool a
    stateless packet filter?
    Answer: B. The other three are all parts of an IP header.

11. What is the most effective security approach for a stateless packet filter?
    Answer: A

12. Why isn’t it practical to filter by the protocol ID field in an IP header?
    Answer: C. B is incorrect because you could block all UDP traffic on a server that does not use UDP,
    for instance.

13. How can ICMP packets be misused by a hacker to gain access to internal network resources? What
    weakness of ICMP packets enables such attacks?
    Answer: ICMP does not provide for authentication to verify the destination address, which enables a
    hacker to insert a false destination IP in the header. If a hacker sends a flood of ICMP Echo requests to
    a host that does not exist, some hosts may crash. If the host is one that performs important services
    such as DNS, the hacker can gain access to internal hosts and redirect them to his own computer,
    where he can then attempt to gather private information such as passwords.

14. How would you configure a firewall/packet filter to prevent ICMP attacks?
    Answer: Drop all ICMP Echo requests from external hosts. In addition, drop all ICMP Redirect
    requests from external hosts.

15. Which fragment numbers could be security risks because a packet filter might let them through?
    Answer: B

16. What kinds of packets can cause problems for even a stateful packet filter?
    Answer: B

17. State three legitimate reasons why internal clients need to be able to receive inbound ICMP packets
    from hosts on the Internet.
    Possible answers:
    1. They need to be able to ping external hosts and then receive a response in order to check
       connectivity.
    2. They need to know if a host is unavailable.
    3. They need to know if the network is saturated.
    4. They need to know if a destination is unreachable.

18. Where should a packet be directed when it doesn’t match any host in the interior LAN?
    Answer: C

19. Which two ICMP messages are directly involved in blocking hack attempts? (Choose all that apply.)
    Answers: A, D

20. What is the difference between active and passive FTP that makes stateful packet filtering a good
    choice?
    Answer: Passive FTP uses a port that is determined on the fly, while active FTP uses two ports, one
    for data and one for control.

21. What is the purpose of blocking all ICMP packets after specifying a group of ICMP rules?
    Answer: It provides extra security for a firewall that has a “Deny-All” approach to filtering—all ICMP packets
    not specifically covered in the rules will be dropped.
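
The ICMP rules from answers 14, 17 and 21, sketched as a first-match rule list (an added example, not taken from the textbook or this answer key). The rule names, the `evaluate` and `allowed_inbound` helpers, and the mapping of "network is saturated" to Source Quench are assumptions made for illustration.

```python
"""First-match ICMP filter illustrating answers 14, 17 and 21 (constructed example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ICMPv4 type numbers as assigned by IANA.
ECHO_REPLY, DEST_UNREACHABLE, SOURCE_QUENCH, REDIRECT, ECHO_REQUEST = 0, 3, 4, 5, 8


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str            # "in" = from external hosts, "out" = from internal clients
    icmp_type: Optional[int]  # None matches every ICMP type
    action: str               # "allow" or "drop"

    def matches(self, direction: str, icmp_type: int) -> bool:
        return self.direction == direction and self.icmp_type in (None, icmp_type)


# Constructed rule set: specific ICMP rules first, catch-all drops last.
RULES: List[Rule] = [
    # Answer 14: drop Echo requests and Redirects arriving from external hosts.
    Rule("drop external echo request", "in", ECHO_REQUEST, "drop"),
    Rule("drop external redirect", "in", REDIRECT, "drop"),
    # Answer 17: inbound messages internal clients legitimately need.
    Rule("allow ping replies", "in", ECHO_REPLY, "allow"),
    Rule("allow destination unreachable", "in", DEST_UNREACHABLE, "allow"),
    Rule("allow source quench", "in", SOURCE_QUENCH, "allow"),
    Rule("allow outbound ping", "out", ECHO_REQUEST, "allow"),
    # Answer 21: anything not covered above is dropped explicitly.
    Rule("cleanup: drop other inbound ICMP", "in", None, "drop"),
    Rule("cleanup: drop other outbound ICMP", "out", None, "drop"),
]


def evaluate(direction: str, icmp_type: int,
             rules: List[Rule] = RULES, default: str = "drop") -> Tuple[str, str]:
    """Return (action, rule name) for the first rule that matches the packet.

    `default` is the filter's fallback policy when no rule matches at all.
    """
    for rule in rules:
        if rule.matches(direction, icmp_type):
            return rule.action, rule.name
    return default, "policy default"


def allowed_inbound(rules: List[Rule] = RULES, default: str = "drop") -> List[int]:
    """List the ICMP types (0-18) an external host can get through the filter."""
    return [t for t in range(19) if evaluate("in", t, rules, default)[0] == "allow"]


if __name__ == "__main__":
    print("with cleanup rules:", allowed_inbound())
    # Same specific rules, cleanup rules removed, on a filter that falls back to
    # "allow": every ICMP type not named in a rule now passes.
    print("without cleanup, allow-by-default:", allowed_inbound(RULES[:-2], default="allow"))
```

With the cleanup rules in place, the inbound exposure stays limited to the three allowed types even if the filter's fallback policy is changed by mistake.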



Hands-on Projects
Project 1
“Any application” appears in the application column. Choosing TCP or UDP in the Protocol drop-down list
lets you choose an application for this rule.

Project 2
N/A

Project 3
The author received four alert messages about UDP packets attempting to access port 67.

Project 4
Binary data about the packet is listed at the bottom of the detailed information about the attempted
connection.

Project 5
N/A

Project 6
The exact IP address will vary by network. The default gateway’s address also appears in the Gateway
column in the routing list.



Case Projects
Case Project 1
The request has probably timed out because the site has set up a packet filtering rule blocking echo requests
(Pings) from external clients like yourself—one of the ICMP rules that this chapter suggested you set up.
You would add a rule prohibiting any outbound HTTP traffic to the destination IP 197.34.5.56 on port 80.

Case Project 2
You can do one of two things (or both). First, you can add your computer to the firewall’s list of “trusted”
machines. The exact method varies depending on the firewall program you are using. (See Hands-On
Project 4-4). Alternatively, you could simply set up a rule enabling TCP, UDP, and ICMP communication
between the two machines on all ports.

Case Project 3
You have several options. You could set up a rule that blocks all connection attempts from this particular
host, but as stated in the chapter, this is unreliable because the hacker will simply move to a new host (or
insert a new false source IP address in packet headers). A better option is to block all ICMP packets from
external hosts. You should, additionally, block all ICMP Redirect packets in case any have already
managed to get through your firewall.

Case Project 4

First, you could attempt to filter out recurring messages—unsolicited messages that are sent to recipients
regularly by the same host or sender. You would need to review your mail server’s logs or review individual
e-mail inboxes to determine the IP address from which the message originated. You could then set up rules
that would block packets from those IP addresses specifically. This would block only a small proportion of
spam e-mail messages, however. A second, more effective strategy would be to install a special e-mail
filtering program called MailMarshal which can be configured to filter messages based on content rather
than IP address.



