1. What is a zero-day attack, and why are zero-day attacks difficult to deal with? Explain how polymorphic and metamorphic behaviour further complicates the detection of these attacks.
2. Consider the sample home network shown in Figure 1. John and Jack are connected to the Internet through a gateway with a built-in DHCP server provided by their Internet Service Provider (ISP).
a. John is trying to access www.google.com using the web browser on his laptop. Explain the background operations performed by the web browser that enable John to reach the google.com server.
b. Jack wants to transparently monitor all the online activity of John. Describe how Jack can monitor all the online activities of John in the home network.
3. Why is it difficult for organisations to deal with insider attacks? Give any two reasons and justify your answer.
4. Compare the impact of disassociation and deauthentication attacks on the stations in WLAN networks.
5. Consider a small book store, www.bookstore.com, that manages its orders online as shown in Figure 2. Customers can order books online by accessing the web server as a guest user, but they do not get any discount on their orders. Registered customers, however, get a 5% discount on their orders. The company has approached you to conduct penetration testing on their web server. Describe how you would conduct penetration testing for this scenario. (Hint: State your assumptions. Also, list at least two specific vulnerabilities you would look for in this scenario while conducting the pen testing.)
6. Consider the simple network shown in Figure 3, which is protected by a stateful firewall. Table 1 shows the policies that are enforced in the firewall.
Figure 3 (image not reproduced; surviving label: IP: 202.202.202.203)

Rule  Action  Source Address             Destination Address        Protocol  Source Port  Destination Port  Flag Bit
1     allow   202.202.202.202            Outside of 202.202.202/24  TCP       >1023        80                any
2     allow   Outside of 202.202.202/24  202.202.202.202            TCP       80           >1023             ACK
3     allow   Outside of 202.202.202/24  202.202.202.203            TCP       >1023        80                any
4     allow   202.202.202.203            Outside of 202.202.202/24  TCP       80           >1023             ACK
5     allow   202.202.202/24             Outside of 202.202.202/24  UDP       >1023        53                -
6     allow   Outside of 202.202.202/24  202.202.202/24             UDP       53           >1023             -
7     deny    all                        all                        all       all          all               all

Table 1: Stateful firewall policies
a. Describe the operation of the stateful firewall with the flow rules in Table 1.
b. In Figure 3, consider the case where client machine 1 has sent a SYN message to the Google web server and the attacker responds with a SYN/ACK message to the client machine before the Google web server does. Describe the operation of the stateful firewall for this scenario with the flow rules in Table 1.
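The following is an added worked example, not part of the question sheet, that models Table 1 in code and contrasts a stateless reading of the rules with a stateful firewall that keeps a connection table. It assumes client machine 1 is 202.202.202.202 (the host in rules 1 and 2) and that 202.202.202.203 is the inside web server (rules 3 and 4); the Google and third-party addresses are constructed from RFC 5737 documentation ranges, and the state names are simplified. Rules 2, 4 and 6 describe return traffic: a stateful firewall accepts a packet matching them only if an inside host initiated the corresponding flow, which is what decides the case in question 6(b).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Protected network from Figure 3 / Table 1.
INSIDE = ip_network("202.202.202.0/24")
CLIENT = "202.202.202.202"   # assumed to be "client machine 1" (rules 1 and 2)
WEBSRV = "202.202.202.203"   # assumed to be the inside web server (rules 3 and 4)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "TCP" or "UDP"
    sport: int
    dport: int
    flags: frozenset = frozenset()    # TCP flags, e.g. frozenset({"SYN", "ACK"})


def _in(addr):  return ip_address(addr) in INSIDE
def _out(addr): return not _in(addr)
def _eph(port): return port > 1023    # ">1023" column of Table 1


def match_table1(p):
    """Stateless, first-match evaluation of Table 1. Returns the rule number (1..7)."""
    if p.src == CLIENT and _out(p.dst) and p.proto == "TCP" and _eph(p.sport) and p.dport == 80:
        return 1
    if _out(p.src) and p.dst == CLIENT and p.proto == "TCP" and p.sport == 80 and _eph(p.dport) and "ACK" in p.flags:
        return 2
    if _out(p.src) and p.dst == WEBSRV and p.proto == "TCP" and _eph(p.sport) and p.dport == 80:
        return 3
    if p.src == WEBSRV and _out(p.dst) and p.proto == "TCP" and p.sport == 80 and _eph(p.dport) and "ACK" in p.flags:
        return 4
    if _in(p.src) and _out(p.dst) and p.proto == "UDP" and _eph(p.sport) and p.dport == 53:
        return 5
    if _out(p.src) and _in(p.dst) and p.proto == "UDP" and p.sport == 53 and _eph(p.dport):
        return 6
    return 7   # deny all


# Rules 2, 4 and 6 only describe replies; they need matching connection state.
REPLY_RULES = {2, 4, 6}


class StatefulFirewall:
    def __init__(self):
        # key: 5-tuple in the initiating direction -> simplified state string
        self.table = {}

    @staticmethod
    def _key(p, reverse=False):
        if reverse:   # reply packet: look up the flow that would have caused it
            return (p.dst, p.dport, p.src, p.sport, p.proto)
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    def process(self, p):
        rule = match_table1(p)
        if rule == 7:
            return "DENY (rule 7)"
        if rule in REPLY_RULES:
            key = self._key(p, reverse=True)
            state = self.table.get(key)
            if state is None:
                # Looks like a reply, but no inside host asked for it: dropped.
                return f"DENY (rule {rule} matched, no connection state)"
            if p.proto == "TCP" and state == "SYN_SENT" and "SYN" in p.flags:
                self.table[key] = "SYN_RECEIVED"
            return f"ALLOW (rule {rule}, state {self.table[key]})"
        # Initiating direction: create or advance the flow's state.
        key = self._key(p)
        if p.proto == "TCP":
            if "SYN" in p.flags and "ACK" not in p.flags:
                self.table[key] = "SYN_SENT"
            elif key in self.table and "ACK" in p.flags:
                self.table[key] = "ESTABLISHED"
            else:
                return f"DENY (rule {rule} matched, TCP packet without a handshake)"
        else:
            self.table[key] = "UDP_PENDING"
        return f"ALLOW (rule {rule}, state {self.table[key]})"


def scenario_6b():
    """Question 6(b): client 1 sends a SYN to the Google web server and a SYN/ACK
    from a different host arrives first. Addresses are constructed (RFC 5737)."""
    fw = StatefulFirewall()
    google, other, cport = "198.51.100.10", "203.0.113.5", 40000
    return [
        fw.process(Packet(CLIENT, google, "TCP", cport, 80, frozenset({"SYN"}))),
        fw.process(Packet(other, CLIENT, "TCP", 80, cport, frozenset({"SYN", "ACK"}))),
        fw.process(Packet(google, CLIENT, "TCP", 80, cport, frozenset({"SYN", "ACK"}))),
        fw.process(Packet(CLIENT, google, "TCP", cport, 80, frozenset({"ACK"}))),
    ]


if __name__ == "__main__":
    for line in scenario_6b():
        print(line)
```

Running `scenario_6b()` shows the contrast the question is after: `match_table1` alone returns rule 2 for the early SYN/ACK (source port 80, ACK bit set, destined for 202.202.202.202), so a purely stateless filter would pass it, while the stateful firewall denies it because its connection table only holds the flow to 198.51.100.10; the genuine SYN/ACK then matches that entry and the client's final ACK moves the flow to ESTABLISHED. The same mechanism makes rule 6 accept DNS replies only after the corresponding query has left the network.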