CMPS 122: Computer Security
Spring 2003

Homework #3

Please read the homework guidelines for information about how to work on the assignment and how to submit it.

1. [based on Plfeeger 7.28] SYN flood is the result of some incomplete protocol exchange: The client initiates an exchange but doesn't complete it. Unfortunately, these situations can also occur normally. Describe a benign situation that could cause a protocol exchange to be incomplete. How could you distinguish this from an attack?
2. [Pfleeger 7.24] Suggest a countermeasure for traffic flow analysis.
3. [based on Pfleeger 7.34] Some large web sites use devices called "load balancers" to distribute traffic evenly among several equivalent servers. In such a system, the servers that handle Web requests are all "equal," and sufficient state is shared to allow any request to go to any server in the cluster. What is the security advantage to this configuration? Are there any disadvantages?
4. [based on Pfleeger 7.29] A distributed denial-of-service attack requires zombie processes running on numerous machines to perform a piece of the attack. These zombies must act simultaneously for the attack to be effective. If you were a system administrator looking for zombies on your computers, what would you look for? Could you find them before the attack was launched?
5. It has been claimed that lack of diversity in the Internet is a major vulnerability for modern computer systems. Why does the predominance of a single operating system pose a threat? Does the predominance of a few browsers pose a threat as well? How might any threat be countered?
6. [Pfleeger 7.32] I have a high-speed network connections coming into your home, and I also have a wireless network access point. Like most people, I don't use most of my bandwidth—my long-term average usage is under 1KB/sec over a week out of a maximum of about 125KB/sec. List three reasons why I might still want to prevent an outsider from obtaining free network access by intruding into my wireless network.
7. [Pfleeger 7.59] Should a network administrator put a firewall in front of a honeypot? Why or why not?