Network SecuritySample Midterm #2 Answers

Phillip Makpmak@nyu.edu

1a. [3 pts] What’s the cheapest attack (name and amount) that’s Possible? Install Trojan onto Host Computer, $200K1b. [4 pts] What’s the cheapest and most expensive methods (name and amount) that's Possible to Infect Target with Trojan? Cheapest: Malicious Website, $100K; Most Expensive: Get Target to Click on Email Link, $120K1c. [3 pts] Suppose it’s Possible to “Obtain BIOS Password”, and the Cost of Attack for it is $50K. Now, what is the cheapest attack (name and amount) that’s Possible now? Obtain Physical Access to Host, $150K

2. DNS Reconnaissance: Suppose an attacker is performing reconnaissance on ACME Corporation using only the DNS protocol.2a. [6pts] What are three methods using only the DNS protocol that an attacker can use to perform reconnaissance on ACME Corporation? Identify what type of information can be obtained.2b. [4pts] What are two mitigation strategies to minimize what an attacker can obtain from using DNS?DNS Recon Possible types of information obtained

Standard DNS Request

Examples: A (IPv4 Address), AAAA (IPv6 Address), MX (mail server), NS (name server), et al. Full credit entails understanding that information like this can be obtained from DNS

Brute-force Forward DNS

Trying DNS requests on different URLs, such as ftp.nyu.edu and see if it works. This can obtain information about other hosts on the network

DNS Zone Transfer If successful, will obtain all the records on DNS server

Mitigations Description

Split DNS Split the DNS Servers into an internal DNS server and external server. Requests from outside the network can only obtain info on servers accessible from the outside the network

Turn off zone transfer

Disable the ability for host to perform a zone transfer

3. DNS Exploits: Remember that DNS queries are usually recursive, as shown in this diagram: Suppose an attacker wants to perform DNS cache poisoning so the domain name acmecorporation.com is diverted it to a malicious website.

3a. [3 pts] Identify the step number(s) in the diagram in which the attacker can insert traffic to poison the DNS cache. Explain your answer.Steps 3, 5, 7, and 8. The attacker can potentially insert or modify any response to a DNS request.

3b. [6 pts] What are three issues that the attacker needs to overcome in order to successfully poison the DNS cache?1. Timing: the DNS response must be before the actual server responds.2. Transaction ID (sequence number): the DNS transaction ID must match with the

one in the request3. Spoof IP Address of Server: the source IP address must be from the DNS server

3c. [3 pts] Explain the main difficulty with using ingress filtering to prevent IP spoofing. Ingress filtering is only allowing subnets at the router that are supposed to be connected to the router.The difficulty is that ingress filtering must be implemented at all levels of the network as IP spoofing can always occur at a sub-network.

4. [6 pts] Using the standard nmap TCP SYN scan, how does nmap decide if a port is open, closed, or filtered?

TCP SYN Scan

The nmap TCP SYN Scan is the default scan type if nmap as root/admin rights. nmap will send a TCP packet to the target with the SYN flag set, with the destination port set to X. nmap will repeat this for each port.Open: If the port is open, the target will respond with a SYN/ACK, meaning that host is trying to establish a connectionClosed: If the port is closed, the target will respond with a RST/ACKFiltered: If the port is filtered, then the target will respond with nothing

nmap targetSYN (port X)

If open: SYN/ACK

If closed: RST/ACK

If filtered: <nothing>

5. [10 pts] This diagram represents the covert_tcp (TCP ACK Method) of transferring data from one host to another.

Describe the method by which the “covert_tcp Sender” can send a message to “covert_tcp Receiver” using the Bounce Server. Include necessary details on the IP or TCP headers in order to explain your answer.

5a. [4 pts] Details of communications for label A.The Sender sends a packet with the IP source spoofed as the Receiver, and Destination to be the Bounce Server. The TCP SYN flag is set, with a ISN set to (ASCII# - 1).

5b. [6pts] Details of communications for label B.The Bounce Server will receive the packet, and will reply to the Receiver because the source address was spoofed. There are two possible responses:1. SYN/ACK(ASCII# - 1 + 1)2. RST/ACK(ASCII# - 1 + 1)In either case, the ASCII# is successfully transmitted to the Receiver.

6. Suppose an attacker has installed HackerDefender on a target machine and has hidden itself and netcat on the host. Netcat on the host is configured to listen on port 1234 and upon an incoming connection will send the file password.txt, and then exit.6a. [4 pts] Write the netcat command for the attacker to run in order to retrieve the file and save the file to the current directory.

nc [host] 1234 > password.txt

6b. [4 pts] With the netcat process and port hidden on the target machine, can the port that netcat is using be found using a network scanning tool (such as nmap) from another host on the network? Explain.

Yes. Although HackerDefender can hide the ports from being displayed when using the netstat –a command, it has nothing to do with the ports as can be seen from outside the host; port 1234 from part 6a can always been seen from outside the host.

This question is based on Lab 4, which will not be on the midterm.

7. Vignere7a. [4] Using the standard Vignere (Vigenere) (Poly-alphabetic Encryption) table, decrypt the message HEFF using the key CAB.

The table was not given, but it’s trivial to recreate the table yourself.Decrypt H: Lookup Row C / Cell H => Column FDecrypt E: Lookup Row A / Cell E => Column EDecrypt F: Lookup Row B / Cell F => Column EDecrypt F: Lookup Row C / Cell F => Column DAnswer: FEED

7b. [2] Does the table in Vignere need to be kept secret for this cryptographic scheme to work? Two possible answers, depending on explanation: Either the “key” (CAB) or the “table” must be kept secret. Typically, it’s the “key” (CAB) that is kept secret.No. The table in this case is the encryption engine. As long as the key “CAB” is kept secret, then the table does not need to be kept secret.

- or - Yes. The table is the “key” used to decrypt the message. If the table is kept secret, then the encryption engine “CAB” does not need to be secret.

Modular Math Work2 mod 11 = 2

22 mod 11=((2 mod 11)(2 mod 11)) mod 11=((2)(2)) mod 11 = 4 mod 11 = 4

24 mod 11=((22 mod 11)(22 mod 11)) mod 11=((4)(4)) mod 11 = 16 mod 11 = 5

28 mod 11=((24 mod 11)(24 mod 11)) mod 11=((5)(5)) mod 11 = 25 mod 11 = 3

29 mod 11=((28 mod 11)(2 mod 11)) mod 11=((3)(2)) mod 11 = 12 mod 11 = 6

6 mod 33 = 662 mod 33

= ((6 mod 33) (6 mod 33)) mod 33= ((6)(6)) mod 33 = 36 mod 33 = 3

63 mod 33= ((6 mod 33) (62 mod 33)) mod 33= ((6)(3)) mod 33 = 18 mod 33 = 18

5 mod 11 = 552 mod 11 = 5*5 mod 11 = 25-22=354 mod 11 = 3*3 mod 11 = 958 mod 11 = 81 mod 11 = 81-77 = 459 mod 11 = 4*5 mod 11 = 20-11 = 9

6 mod 11 = 662 mod 11 = 36 mod 11 = 36-33 = 364 mod 11 = 9 mod 11 = 9

8. Perform RSA key generation with p=3 and q=11. Note: you must show work for any modular mathematics.8a. [2 pts] Compute n and φ

n = pq = 3 * 11 = 33φ = (p-1)(q-1) = (3-1)(11-1) = (2)(10) = 20

8b. [2 pts] Choose the smallest possible public (encryption) exponent e

Find e such that:1 < e < n;GCD(e, φ)=1

Not possible e: 2, 4, 5, 6, 8, 10, 12, 14, 15, 16, 18Possible e: 3, 7, 9, 11, 13, 17, 19

Choose e=3

8c. [4 pts] Choose a private (decryption) exponent d

ed mod φ = 1 or (ed – 1) mod φ = 0e = 3; φ = 203d mod 20 = 1Try d=1 => 3(1) mod 20 ?= 1 ... NOd=2 => 3(2) mod 20 ?= 1 ... NOd=3 => 3(3) mod 20 ?= 1 ... NOd=4 => 3(4) mod 20 ?= 1 ... NOd=5 => 3(5) mod 20 ?= 1 ... NOd=6 => 3(6) mod 20 ?= 1 ... NOd=7 => 3(7) mod 20 ?= 1 ... YESChoose d=7

8d. [4 pts] Encrypt the plaintext message m=6 with the public keyc = me mod n = (6)3 mod 33 = 18

Check your work: m = cd mod n = 187 mod 33 = 6(required if you made a math mistake)

8e: [2 pts] Is RSA the preferred or non-preferred choice for encrypting large messages? Explain why.

RSA is not preferred for encrypting large messages using RSA to encrypt messages is excruciatingly slow. Generating RSA key pairs is also very slow (~5 seconds).

9. Perform Diffie-Hellman shared key generation with g=2, n=11, Alice selects a=9 as her secret, Bob selects b=4 as his secret. Note: you must show work for any modular mathematics.9a. [3 pts] calculate Alice’s public key A

A = ga mod n = 29 mod 11 = 6

9b. [2 pts] calculate Bob’s public key B

B = gb mod n = 24 mod 11 = 5

9c. [4 pts] calculate the shared key K

KA = Ba mod n = 59 mod 11 = 9

KB = Ab mod n = 64 mod 11 = 9

9d. [3 pts] What values are publically shared between Alice and Bob?

A, g, n, B (everything except for a, b)

10. Block Cipher Mode of OperationsInput Output Input Output0000 0111 1000 11110001 0110 1001 11100010 0101 1010 11010011 0100 1011 11000100 0011 1100 10110101 0010 1101 10100110 0001 1110 10010111 0000 1111 1000

10a. [3 pts] If Trudy intercepted Ciphertext 001110110011 from Alice to Bob and knows that CBC is used, can she easily figure out that blocks are repeating? No, since CBC is used, Trudy cannot easily see if there are repeating blocks.

10b. [3 pts] Decrypt Ciphertext 001110110011 without using any modedec(0011) = 0100dec(1011) = 1100dec(0011) = 0100

10c. [6 pts] Decrypt Ciphertext 001110110011 using PCBC and IV=1010

Based on following the diagram, we can figure out the formulas for decryption:PT 1 = dec(CT 1) IV = dec(0011) 1010 = 0100 1010 = 1110⊕ ⊕ ⊕PT 2 = dec(CT 2) CT 1 PT 1 = dec(1011) 0011 1110 = 1100 0011 1110 = 0001⊕ ⊕ ⊕ ⊕ ⊕ ⊕PT 3 = dec(CT 3) CT 2 PT 2 = dec(0011) 1011 0001 = 0100 1011 0001 = 1110⊕ ⊕ ⊕ ⊕ ⊕ ⊕

1110 0001 1110

1010 10100100

1101

0011 00111011

1100 0100