Review Questions
1. a. inside the company
2. d. all of the above
3. c. nonrepudiation
4. a. their own subnet
b. a DMZ
d. a network perimeter
5. a. port number
d. IP address
6. d. cyberterrorist
7. b. socket
8. b. rule base
9. nonrepudiation, confidentiality, integrity, availability
10. c. physical
11. b. disrupt computer-controlled industrial operations
12. False
13. a. worm
b. virus
14. d. block all traffic
15. a. signatures
Case Projects
Case Project 1-1: Determining Legal Requirements for Penetration Testing
Answers may vary, but students should address the need to obtain written permission for the penetration tests. State laws include Hawaii Rev. Stat. § 708-892, § 708-891.5, § 708-895.5, § 708-892.5. Federal laws include Criminal Code, Title 18, Sections § 1029, § 1030, § 1362, § 2510, § 2701.
Case Project 1-2: Understanding the Rules of Engagement for Security Testers
The OSSTMM's rules of engagement are available at www.isecom.org/osstmm/rules.shtml.
Chapter 2 Answers, Guide to Network Defense & Countermeasures, 3e
Review Questions
1. b. IPv6 uses a 128-bit address space.
d. IPv6 incorporates IPsec.
2. d. 192, 223
3. a. Network Address Translation (NAT)
c. proxy servers
4. b. testing the local TCP/IP software implementation
5. c. It is connectionless.
6. b. 191.9.205.22/18
7. d. Routers break packets into smaller pieces called fragments.
8. c. Multicast Listener Discovery
d. Neighbor Discovery
9. c. FQDNs, IP addresses
10. b. Fragments numbered 1 or higher are passed through filters.
11. a. multicast
12. b. sliding window size
13. a. SYN
14. c. 58
15. b. 1080::8:800:200C:417A
Hands-on Projects
Hands-on Project 2-3: Examining Individual ARP and Ping Packets
9. Expand the Internet Control Message Protocol section. What is the pattern in the
content of the 32 bytes of data that are sent in a Windows ping?
Answer: The partial alphabet.
Hands-on Project 2-4: Examining IPv6 Ping Packets
5. This chapter included a number of figures that show header structures, including Figures 2-2, 2-3, 2-5, 2-8, and 2-9. In the space below, create a figure that shows the structure of this Neighbor Solicitation message.
Answer: A solution is included in HOP 2-4 solution.vsd and HOP 2-4 solution.docx.
Hands-on Project 2-5: A Challenge
The -l option indicates that the data size of the ping request and reply will be specified in bytes. Because the maximum transmission unit size of Ethernet is 1500 bytes, a 5000-byte ping needs to be fragmented by IP. As a result, while the first packet of each echo request or reply is an ICMPv6 packet, the remaining fragments are IP protocol packets. In these packets the IPv6 option header, the Fragmentation Header, is added to the IPv6 header. The More Fragments field in the fragmentation header indicates whether more packets are associated with this ping; the header also includes an offset that indicates which byte of the 5000-byte ping is the first byte in the current fragment.
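The fragmentation just described, as an added Python example that is not part of the textbook or its solution files: it builds a constructed 5000-byte ICMPv6 echo request with the partial-alphabet fill, splits it into fragments for an Ethernet MTU of 1500 using the RFC 8200 Fragment header layout, then parses the headers and reassembles with the contiguity checks a receiving host or IDPS applies. The identification value and the zero checksum are placeholders.

```python
import struct

IPV6_HDR_LEN = 40   # fixed IPv6 header
FRAG_HDR_LEN = 8    # Fragment extension header
NH_ICMPV6 = 58      # Next Header value for ICMPv6
ETH_MTU = 1500

def build_fragment_header(next_header, offset_units, more, ident):
    # Fragment Offset is in 8-octet units in the top 13 bits; the M flag is bit 0.
    return struct.pack("!BBHI", next_header, 0, (offset_units << 3) | (more & 1), ident)

def parse_fragment_header(frag):
    nh, _reserved, off_res_m, ident = struct.unpack("!BBHI", frag[:FRAG_HDR_LEN])
    return {"next_header": nh, "offset": (off_res_m >> 3) * 8,
            "more": bool(off_res_m & 1), "id": ident}

def fragment(fragmentable, mtu=ETH_MTU, next_header=NH_ICMPV6, ident=0x1234):
    # Every fragment except the last must carry a multiple of 8 octets.
    chunk = (mtu - IPV6_HDR_LEN - FRAG_HDR_LEN) // 8 * 8
    frags = []
    for pos in range(0, len(fragmentable), chunk):
        piece = fragmentable[pos:pos + chunk]
        more = 1 if pos + len(piece) < len(fragmentable) else 0
        frags.append(build_fragment_header(next_header, pos // 8, more, ident) + piece)
    return frags

def reassemble(frags):
    # Receiver-side check: one ID, contiguous offsets (no gap, no overlap), M=0 only on the last.
    parsed = sorted(((parse_fragment_header(f), f[FRAG_HDR_LEN:]) for f in frags),
                    key=lambda p: p[0]["offset"])
    expected, ident, out = 0, parsed[0][0]["id"], bytearray()
    for i, (hdr, payload) in enumerate(parsed):
        last = i == len(parsed) - 1
        if hdr["id"] != ident or hdr["offset"] != expected or hdr["more"] == last:
            raise ValueError("missing, overlapping or inconsistent fragments")
        out += payload
        expected += len(payload)
    return bytes(out)

def windows_ping_echo(data_len=5000):
    # Constructed ICMPv6 Echo Request (type 128) with the a..w fill pattern Windows ping uses.
    pattern = b"abcdefghijklmnopqrstuvw"
    data = (pattern * (data_len // len(pattern) + 1))[:data_len]
    return struct.pack("!BBHHH", 128, 0, 0, 1, 1) + data
```

With an 8-byte ICMPv6 header plus 5000 bytes of data, the 5008-byte fragmentable part yields three 1448-byte fragments and a final 664-byte one, with offsets 0, 1448, 2896 and 4344.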
Case Projects
Case Project 2-1: The Differences between IPv4 and IPv6
Answers may vary, but a correct answer would include references to the following:
Available addresses expanded from 32 bits to 128 bits in IPv6.
There is no likelihood that addresses will be exhausted in the foreseeable future.
Native IPsec support is provided in IPv6.
Native support for flow control Quality of Service is provided in IPv6 to improve performance of multimedia transmissions.
ARP broadcasts are no longer required with IPv6 because ND performs this function.
Multicasting is more efficient in IPv6.
IPv6 does not require static or DHCP configuration; it can use autoconfiguration.
Chapter 3 Answers, Guide to Network Defense & Countermeasures, 3e
Review Questions
1. c. attack signatures
2. c. Installing application patches can thwart a reported attack.
3. a. logon attempts
c. TCP options
4. d. checksum
5. a. Fragments are too large or too small.
b. The initial packet is missing.
c. The fragments arrive too slowly.
6. c. one with the SYN flag set
7. d. an established connection
8. b. ICMP flood
9. a. It acknowledges receipt of the previous packet in the sequence.
10. c. SYN, SYN/ACK, ACK
11. b. FTP
12. b. ping sweep
13. d. portmapper
14. a. Watch your log files closely.
d. Keep your IDPS signature files updated.
15. c. IPv6 fragmentation occurs only at the source node.
Case Projects
Case Project 3-1: Evading Firewalls and the IDPS
You can use the following Nmap options to evade firewalls and the IDPS:
-f (fragment packets); --mtu (using the specified MTU)