1 / 27

EC310 Review

EC310 Review. Rules of Engagement. Teams selected by instructor Host will read the entire questions. Only after , a team may “buzz” by raise of hand A team must answer the question within 5 seconds after buzzing in (must have answer at hand)

maris-koch
Download Presentation

EC310 Review

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EC310Review

  2. Rules of Engagement • Teams selected by instructor • Host will read the entire questions. Only after, a team may “buzz” by raise of hand • A team must answer the question within 5 seconds after buzzing in (must have answer at hand) • If the answer is incorrect, the team will lose its turn and another team may buzz in. No score will be deducted. No negative scores. • Maximum score is 100. Once reached, that team will stand down for others to participate. Teams will earn all points scored at the end of game. • When selecting a question, Teams must only select questions of different value, unless there are no others, but may be from different categories. • All team members will participate and will answer questions • Only one round - No Daily Doubles, Double Jeopardy or Final Jeopardy

  3. Jeopardy!

  4. TCP/IP 10 pts • Which TCP/IP layer is responsible for processes that provide services to HTTP or FTP? Application Layer

  5. Ethernet 10 pts • How many bytes are in a physical address? 6 Bytes (F2:45:17:FF:71:A2)

  6. Internet Protocol 10 pts • Which of the following is not a valid IP address? • 192.148.2.0 • 0.0.0.0 • 200.256.32.104 • 172.31.22.48 Maximum octet value = 255

  7. ARP 10 pts • Which two layers does the Address Resolution Protocol (ARP) involve? Layer 2 (Data Link) & Layer 3 (Network)

  8. Routing Tables 10 pts • Routing tables are maintained on which of the following: (a) routers (b) host computers (c) both a & b (d) neither

  9. Privileges/Buffer Overflow 10 pts • What does the Linux command sudo do? Executes a single command as the root user!

  10. TCP/IP 20 pts • The Transport layer is encapsulated by which layer? Network Layer (Layer 3)

  11. Ethernet 20 pts • What is the purpose of the CRC field in an Ethernet frame? Error detection (and sometimes correction)

  12. Internet Protocol 20 pts • What is the network address for the IP address 200.32.33.234/23? (Network bits) (Host bits) Zero out the host bits to get… 200.32.00100001.11101010 200.32.00100000.00000000 200.32.32.0

  13. ARP 20 pts • What two types of ARP messages exist? ARP Request & ARP Reply

  14. Routing Tables 20 pts • TRUE/FALSE: It is best to order the routing table by decreasing mask value. True! This is “longest mask matching” principle

  15. Privileges/Buffer Overflow 20 pts • What does setting the setuid permission on an executable program do? Whenever the program is executed it will behave as though it were being executed by the owner!

  16. TCP/IP 40 pts • What is the name of the collection of 1’s and 0’s at layers 5 through 2? Layer 5 – “Message” Layer 4 – “Segment” Layer 3 – “Packet or Datagram” Layer 2 – “Frame”

  17. Ethernet 40 pts • Calculate the bandwidth seen by user 3 if each network is connected via 10 Mbps Ethernet. 4 1 B1 B2 5 2 3 6 10Mbps/3 = 3.33Mbps

  18. Internet Protocol 40 pts • How many addresses can be assigned to hosts on the network 138.43.29.128/26? 32 total bits – 26 network bits = 6 host bits 26-2=62 addresses assignable to hosts. Account for the broadcast and network addresses.

  19. ARP 40 pts • An evil attacker launching an ARP-spoof attempts to associate his ___________ address with the victim’s ___________ address. Answer choices: hardware or IP hardware IP

  20. Routing Tables 40 pts • If a router receives a packet with a destination IP address that does not match any of the networks on the routing table, what does the router do with it? The router sends it to the default router. This is often indicated in the routing table by: MaskNetwork Any Any or /0 0.0.0.0

  21. Privileges/Buffer Overflow 40 pts • What is the correct order for the payload in a buffer overflow attack. Choices are given below: The exploit (shellcode) Repeated return addresses NOP sled NOP Sled The exploit Repeated return addresses

  22. TCP/IP 60 pts • Suppose an application entity wants to send a 100 byte message to a peer entity. If each layer from 4-2 appends a 15 byte header, what percentage of the total frame size is actual application entity data? [100/(100+15+15+15)]*100=69%

  23. Ethernet 60 pts • Assume the Network layer passes the Data Link layer 6030 bytes of information to transmit. How many Ethernet frames will be required? 6030/1500=4.02 -> 5 Frames

  24. Internet Protocol 60 pts • What is the block of addresses assigned to the network 56.45.100.0/23? (Network bits) (Host bits) 56.45.01100100.00000000 =56.45.100.0 (1st Address) 56.45.01100100.00000000 56.45.01100101.11111111 =56.45.101.255 (2nd Address)

  25. ARP 60 pts • What is the fundamental problem with ARP that allows an ARP-spoof to be possible? An ARP reply can be sent (and be accepted!) without an ARP request

  26. Routing Tables 60 pts • Fill in the missing information in the routing table for R1.

  27. Privileges/Buffer Overflow 60 pts • Name and describe two technical solutions to prevent a buffer overflow attack. The non-executable stack: The CPU will not execute any machine instructions located in the portion of main memory reserved for the stack. The stack canary: The CPU checks a known value in memory just prior to the location of the return address (to make sure it was not changed) before resetting the EIP. Address space layout randomization: The stack and the heap are placed in random memory locations, preventing the hacker from easily predicting return addresses’ location.

More Related