Suppose a firewall is configured to allow outbound TCP connections but inbound connections only to specified ports. The FTP protocol now presents a problem: When an inside client contacts an outside server, the outbound TCP control connection can be opened normally but the TCP data connection traditionally is inbound. (a) Look up the FTP protocol in, for example, Request for Comments 959. Find out how the PORT command works. Discuss how the client might be written so as to limit the number of ports to which the firewall must grant inbound access. Can the number of such ports be limited to one? (b) Find out how the FTP PASV command can be used to solve this firewall problem.

Suppose a firewall is configured to allow outbound TCP connections but inbound connections only to specified ports. The FTP protocol now presents a problem: When an inside client contacts an outside server, the outbound TCP control connection can be opened normally but the TCP data connection traditionally is inbound. (a) Look up the FTP protocol in, for example, Request for Comments 959. Find out how the PORT command works. Discuss how the client might be written so as to limit the number of ports to which the firewall must grant inbound access. Can the number of such ports be limited to one? (b) Find out how the FTP PASV command can be used to solve this firewall problem.

Comptia A+ Core 1 Exam: Guide To Computing Infrastructure (mindtap Course List)

10th Edition

ISBN:9780357108376

Author:Jean Andrews, Joy Dark, Jill West

Publisher:Jean Andrews, Joy Dark, Jill West

Chapter8: Network Infrastructure And Troubleshooting

Section: Chapter Questions

Problem 8TC

See similar textbooks

Similar questions

Let's say that Host C is running a Web server that listens on port 80. Suppose that this web server is able to maintain persistent connections and responds to requests from both Host A and Host B. Is Host C sending all of the requests over the same connection, or are there many sockets in use? Do each of them have port 80 even though they are broadcast over separate sockets? It's something you need to discuss and provide some clarification on.
In IEEE 802.11, two-way communication is used to authenticate an open system. In order to authenticate the client, the server must give the station ID (typically the MAC address). Response to the client's previous request is either a successful or failed authentication response from the access point/router. An error may arise if, for example, an AP/router configuration does not include the client's MAC address.In what ways is it advantageous to use this kind of authentication scheme?In what ways does this authentication technique have security vulnerabilities that might be mitigated?
Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests on a system so that it is unable to respond to legitimate connection requests. Consider a server system with a table for 256 connection requests. This system will retry sending the SYN-ACK packet five times when it fails to receive an ACK packet in response, at 30 second intervals, before purging the request from its table. Assume that no additional countermeasures are used against this attack and that the attacker has filled this table with an initial flood of connection requests. a. At what rate must the attacker continue to send TCP connection requests to this system in order to ensure that the table remains full? b. Assuming that the TCP SYN packet is 40 bytes in size (ignoring framing overhead), how much bandwidth does the attacker consume to continue this attack?
Assume a web server can only receive TCP connections on port 80 (HTTP) and 22 (SSH), but not on any other ports. The web server can only establish connection to a database server hosted on private IP 192.168.100.100 on port 3000, but to no other machines inside or outside the network. Imagine this web server is running Linux, and we’re using iptables to define host-based firewall rules for it. Show the set of iptables commands to install necessary rules for this security policy.
Let's say a client sends three one-byte packets to a server with sequence numbers 1, 2, and 3. Before sending the first packet, a connection is established without any timers. If the first packet reaches the server without any issues, what would be the sequence number in the acknowledgment sent by the server using GBN, SR, and TCP?
Given the following topology of a network where the router connecting the two subnets together, Nodes 1 and 2 are ’inside’ of the subnet neta, Nodes 4 and 5 are ’outside’ of neta and Node 3 with a firewall is the gateway of neta. Try to write rules as general as possible. For example, although there are only two nodes outside, try to write rules such that the policy is achieved even if there were more than two nodes outside. Suppose the default policy is ACCEPT in the firewall on Node 3. Write packet filtering rules for the following goals (each of which is treated separately): Rule 1. Block ping (icmp) packets being forwarded between the two subnets; Rule 2. Block ping packets coming into the firewall;Rule 3. Prevent Node1 from SSHing to any outside nodes; Change the default policy as DROP and write packet filtering rules for the following golas: Rule 4. Allow inside hosts can access outside websites;Rule 5. Allow outside hosts can SSH into Node1. No other access should be allowed.…
Suppose Client A initiates a Telnet session with Server S. At about the same time, Client Balso initiates a Telnet session with Server S. Provide possible source and destination portnumbers for If A and B are different hosts, is it possible that the source port number in the segments from A to S is the same as that from B to S?
if initial values of the sequence number used by both TCP SYN and SYC/ACK packets are always constant values(e.g., both are 0) it will make the TCP session vulnerable to TCP session hijacking attacks. true or false?
Do you have to use a certain EIGRP parameter when distributing a route? The exit interface and the IP address of the following hop are only two examples of the many variables that may have an impact on administrative distance.
Consider the following 4-message protocol: A → S: (B, {(A, K1)}KpbS) S → B: A B → S: (A, {(B, K2)}KpbS) S → A: (B, {K2}K1) Which of the following statements is true, at the end of the protocol, and with regards to the purpose of the protocol: a) Both A and B establish a session key K2, and B is sure of A’s identity b) Both A and B establish a session key K1, and B is sure of A’s identity c) Both A and B establish a session key K1, and A is sure of B’s identity d) Both A and B establish a session key K1, and both B and A are sure of each other’s identity e) Both A and B establish a session key K2, and A is sure of B’s identity f) Both A and B establish a session key K1 g) Both A and B establish a session key K2 h) Both A and B authenticate each other by knowing each other’s identities i) A ends up knowing B’s identity j) B ends up knowing A’s identity k) None of the above l) All of the above
True or false? With nonpersistent connections between browser and origin server, it is possible for a single TCP segment to carry two distinct HTTP request messages.
Write a Java TCP MultipleClient-Server Program for following scenario. NOTE Server Details are in the above figure Client-Server communicates continuously until the Client send Bye to the Server Use Multithreading for Multiple Clients NOTE : 1 cm = 0.39 inches 1 cm = 0.03 foot 1 cm = 0.01 meter Sample Ouput: Client Server 1 – cm to inches 2 – cm to foot 3 – cm to meter Enter length in cms (int) : 10 Received from Server 3.9 inches 1 – cm to inches 2 – cm to foot 3 – cm to meter Enter length in cms (int) : BYE Received from Server BYE Client DISCONNECTED Server Waiting for the Cline to be Connected… CONECTION ESTABLISHED Received From Client 10 cms Sent to Client 3.9 inches Received From Client BYE Sent to Client BYE HINT : When client choses 1 for cm to inches and enter 10, then the client sends the string 110 to the Server. Where the first char ‘1’ represents the cm to inches and the other 2 chars represents the 10.