Telecom Networks Test 1

There are 3 questions. Marks allocated to each part are indicated in square brackets.

This exam is open book. You are permitted to consult any resources | textbook, web, notes. But do not discuss the questions and solutions with your classmates. Do not ask anyone else to help you solve the problems.

Question 1 [20 marks]

Inspired by the ntech boom (although a little late to the party), Markus Misguided decides to create an online money payment service similar to PayPal.

His service, PayMe, allows users to transfer money to other users of the system. To ensure that no fraudulent activity takes places, the service issues a pair of keys (public and private) to each user. If Alice (\A") wishes to give X dollars to Bob (\B"), she sends the following message to the PayMe service (\S"):
A ! S : A; B; X; n; fXjngA    (1)
where n is a nonce created by Alice, A    is Alice’s private key, and fMgK    denotes a digital
signature over M computed using the private key K . This notation says that A, B, X and n are transmitted in plaintext. Then the concatenation of X and n is encrypted using Alice’s private key and transmitted.

    a) Is the PayMe scheme secure? To what attack is it vulnerable? And if it is vulnerable, how can it be xed?

    b) Consider a scenario where Alice accesses a website using an http session to buy shoes. The payment page says \Please click here to access the PayMe service. Please transfer $242:50 via PayMe to SpendLessShoes and we will then ship your order to you." If Trudy can intercept this http session, what attack could she execute? Would this attack be successful even after your modi cation to the PayMe scheme in part a)? Describe how you could modify the payment process on the website to avoid such an attack. Make sure that you clearly explain how you have removed the vulnerability.

Question 2 [20 marks]

You are the administrator of a 220:220:0=24 network. You have a gateway available that has 4 con gurable interfaces - br0, br1, eth0 and lo. The rst two, br0 and br1, are internal interfaces. These can be used to split the network into two subnets, and to allow for di erent rules to be applied to di erent user groups.

You have 160 users in total and you want to provide an internal webserver that is only available to 100 special users in your network. You also want to provide a second webserver that is accessible to all users, both internal to your network and external. Finally, you would like to block all outgoing UDP tra c.

1

    a) Provide the iptables instructions that would con gure a rewall at the gateway to achieve these goals. Provide an illustration of your network, clearly indicating the interfaces and the allocated IP spaces (i.e. the subnets). Identify the IP addresses associated with the users with privileged access.

    b) You learn about the Code Red worm and you curse yourself because you’ve been too lazy to patch your IIS server. Luckily it hasn’t been infected yet. You could just pull the plug but the users who are running other jobs on the server would be livid. So you type furiously to recon gure your rewall to give yourself some time to apply the patch. What do you type?

Question 3 [20 marks]

The rst version of the Code Red worm (Code Red v1) accidentally used the same random seed for every thread and every new instance of the worm. As a result each thread and instance scanned exactly the same hosts.

Suppose Code Red v1 allocated 10s to scan each new candidate host (sending the TCP connec-tion request and waiting for a response or a timeout). If the scan was successful, the 10s includes the infection time. Let us assume that 2 million webservers were vulnerable.

The second version of the Code Red worm used random seeds and 100 threads for each machine.

    a) With this process, for the rst miscon gured Code Red v1 worm, how long did it take on average before the rst new susceptible host was identi ed and infected?

    b) How long did it take, on average, before 1000 webservers were infected by Code Red v1? What about 10,000? In your calculations, you can ignore the reduction in the 2 million susceptible hosts.

    c) How long did it take, on average, for the 100 threads of Code Red v2 to nd and infect the rst vulnerable server?

    d) How long did it take, on average, to infect the rst 1000 servers? The rst 10,000? As before, you can ignore the reduction in the susceptible population.
























2