CEG 429/629: Internet Security

Mid Term // Spring 2008 // 100 points max // 75 minutes
Fine Print:  This is a closed notes exam.  Do not give or take help during the exam.
  1. (6*5 points each) The following statements may or may not be (fully or partially) valid.  Explain the technical term occurring in each statement.  Explain/ discuss/ dispute the statement.  It is possible to write no more than, say, ten sentences each and yet receive full score.
    1. On a host that has two NICs, a fully capable routing table need be no more than two rows.
    2. It is possible to setup a Linux/ Unix system without a single suid program.
    3. Masquerading, spoofing, and smurfing are all describing changes made to IP packets.
    4. Backdoors are used to install rootkits.
    5. In a TCP segment with SYN=1, the SEQ number must be non-zero.
    6. Probing is used to detect the weaknesses of a target machine.
  2. (4*10 points)
    1. Describe, in detail, the techniques used in sniper-fin.
    2. What are one-time passwords?
    3. Explain how public-key encryption scheme can be useful in host (node) authentication.
    4. Consider the following ten significant events that occur in the rebooting of a Unix machine, from currently running (power on, duh) to login prompt.  The events may or may not occur in the order given.
       E1: Root volume is mounted by the kernel.
       E2: Process init is created.
       E3: inetd daemon is started.
       E4: OS boot loader invokes the kernel.
       E5: getty processes are started.
       E6: The run level changes from 3 to 5.
       E7: BIOS finds the boot device.
       E8: Run level changes to 0.
       E9: All file volumes are un-mounted.
       E10: Networking is shut down.
       Arrange these events in chronological order, and explain why these must happen in that order.
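Added worked example for question 2.2 (not part of the exam, and not code from the course): a Lamport / S/KEY-style one-time password chain.  The client picks a secret seed and a chain length n; the server is given only h^n(seed).  The i-th login presents h^(n-i)(seed); the server hashes it once, compares with its stored value, and then stores the presented value, so a captured password is useless for any later login.  The one-way function here is FNV-1a (64-bit), a stand-in chosen only to keep the example self-contained; real S/KEY/OPIE use MD4/MD5.  The seed value and chain length in main() are made up for the demo.

```c
/* One-time passwords as a hash chain (Lamport / S/KEY idea).
 * Added example; FNV-1a 64 is an assumed stand-in for the real S/KEY hash. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t otp_t;

/* One-way function stand-in: FNV-1a over the 8 bytes of x. */
static otp_t h(otp_t x) {
    uint64_t hash = 0xcbf29ce484222325ULL;       /* FNV offset basis */
    for (int i = 0; i < 8; i++) {
        hash ^= (uint8_t)(x >> (8 * i));
        hash *= 0x100000001b3ULL;                /* FNV prime */
    }
    return hash;
}

/* h applied n times: h^n(seed). */
static otp_t h_n(otp_t seed, int n) {
    for (int i = 0; i < n; i++) seed = h(seed);
    return seed;
}

/* Server state: only the last accepted chain value, never the seed. */
struct otp_server {
    otp_t last;   /* h^k(seed) for the most recently accepted index k */
    int   k;      /* passwords still usable: h^(k-1) ... h^1 */
};

/* Enrolment: client computes h^n(seed) once and hands it to the server. */
static void otp_enroll(struct otp_server *s, otp_t seed, int n) {
    s->last = h_n(seed, n);
    s->k = n;
}

/* Client side: the password for the next login is h^(k-1)(seed). */
static otp_t otp_next_password(otp_t seed, int k) {
    return h_n(seed, k - 1);
}

/* Server side: accept p iff h(p) equals the stored value, then advance.
 * Returns 1 on success, 0 on rejection.  When k reaches 1 the next
 * password would be the seed itself, so the chain is declared exhausted
 * and the user must re-enrol with a fresh seed. */
static int otp_verify(struct otp_server *s, otp_t p) {
    if (s->k <= 1) return 0;
    if (h(p) != s->last) return 0;
    s->last = p;            /* p is now the reference for the next login */
    s->k -= 1;
    return 1;
}

/* Walk the whole chain once, replaying each password a second time as an
 * eavesdropper would.  Returns the number of accepted logins (n-1 for an
 * honest client), or -1 if any replay was accepted. */
static int otp_scenario(otp_t seed, int n) {
    struct otp_server s;
    int accepted = 0;
    otp_enroll(&s, seed, n);
    while (s.k > 1) {
        otp_t p = otp_next_password(seed, s.k);
        if (otp_verify(&s, p)) accepted++;
        if (otp_verify(&s, p)) return -1;   /* replay must be rejected */
    }
    return accepted;
}

int main(void) {
    const otp_t seed = 0x1234abcdULL;   /* made-up seed for the demo */
    printf("accepted logins out of a chain of 5: %d\n", otp_scenario(seed, 5));
    return 0;
}
```

Note the property the exam question is after: the server stores only h^k(seed), and inverting h is infeasible, so neither a stolen password file nor a sniffed password yields the next one; the client must keep the seed (or a printed list) secret.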

  3. (3*10 points)  The context of this question is the paper by Aleph One.
    bottom of  DDDDDDDDEEEEEEEEEEEE  EEEE  FFFF  FFFF  FFFF  FFFF   top of
    memory     89ABCDEF0123456789AB  CDEF  0123  4567  89AB  CDEF   memory
               buffer                sfp   ret   a     b     c
    <------   [JJSSSSSSSSSSSSSSCCss][ssss][0xD8][0x01][0x02][0x03]
               ^|^             ^|            |
               |||_____________||____________| (1)
           (2)  ||_____________||
                 |______________| (3)
    top of                                                       bottom of
    stack                                                            stack
    1. In developing the various versions of exploitN.c, Aleph One wishes to avoid the occurrence of 0x00 in the shellcode[].  Why?  How does he avoid it?
    2. Explain what the arrow labeled (3) does and why it is needed.
    3. How does exploit3.c differ from exploit4.c?
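Added worked example for question 3.1 (not part of the exam, and not Aleph One's own code): the payload reaches the victim's buffer through a C string copy, so it is cut off at the first 0x00 byte.  The two byte arrays below are the x86 encodings of "load eax with 11 (execve) and trap to the kernel", once written naively with `mov eax, 11` (B8 0B 00 00 00) and once with the substitution Aleph One uses, `xor eax, eax` / `mov al, 11` (31 C0 B0 0B).  The bytes are only scanned and copied here, never executed; the buffer sizes are arbitrary demo values.

```c
/* Why shellcode must not contain 0x00: strcpy() stops at the first NUL.
 * Added example; the instruction bytes are real x86 encodings but are
 * treated as data only. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* mov eax, 0x0b ; int 0x80   -- contains three 0x00 bytes */
static const unsigned char kMovEax11[] = { 0xb8, 0x0b, 0x00, 0x00, 0x00, 0xcd, 0x80 };

/* xor eax, eax ; mov al, 0x0b ; int 0x80   -- same effect, NUL-free */
static const unsigned char kXorEaxMovAl11[] = { 0x31, 0xc0, 0xb0, 0x0b, 0xcd, 0x80 };

/* Index of the first 0x00 byte in code[0..len-1], or -1 if there is none. */
static long first_nul(const unsigned char *code, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0x00) return (long)i;
    return -1;
}

/* Simulate the vulnerable program copying an attacker string into its
 * buffer with strcpy().  Returns how many payload bytes actually arrive. */
static size_t simulate_strcpy(const unsigned char *payload, size_t len) {
    char src[512], dst[512];
    if (len >= sizeof src) return 0;      /* demo bound, not a real check */
    memcpy(src, payload, len);
    src[len] = '\0';                      /* terminator the attacker appends */
    memset(dst, 0xAA, sizeof dst);        /* poison so a short copy is visible */
    strcpy(dst, src);                     /* the vulnerable copy: stops at 0x00 */
    return strlen(dst);                   /* bytes that reached the buffer */
}

int main(void) {
    printf("mov eax,11 version: first NUL at %ld, %zu of %zu bytes copied\n",
           first_nul(kMovEax11, sizeof kMovEax11),
           simulate_strcpy(kMovEax11, sizeof kMovEax11), sizeof kMovEax11);
    printf("xor/mov al version: first NUL at %ld, %zu of %zu bytes copied\n",
           first_nul(kXorEaxMovAl11, sizeof kXorEaxMovAl11),
           simulate_strcpy(kXorEaxMovAl11, sizeof kXorEaxMovAl11),
           sizeof kXorEaxMovAl11);
    return 0;
}
```

The same scan is the check to run on any hand-written shellcode before using it with a strcpy()/sprintf()-style overflow: every 0x00 must be rewritten away (register-clearing with xor, loading the 8-bit sub-register, computing addresses at run time) while preserving the instruction sequence.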
  Copyright © 2008 Prabhaker Mateti; May 15, 2008