14) Stealth port scanning: Recall that IP packet header contains a 16 bit identification field that...

 

Transcribed Image Text:

14) Stealth port scanning: Recall that IP packet header contains a 16 bit identification field that is used for assembling packet fragments. IP mandates that the identification field be unique for each packet for a given (sourceIP, DestIP) pair. A common method for implementing the identification field is to maintain a single counter that is incremented by one for every packet sent. The current value of the counter is embedded in each outgoing packet. Since this counter is used for all connections to the host we say that the host implements a global identification field. (1 mark) a) Suppose a host P (whom we'll call the Patsy for reasons that become clear later) implements a global identification field. Suppose further that P responds to ICMP ping requests. You control some other host A. How can you test if P send a packet to anyone (other than A) within a certain one minute window? You are allowed to send your own packets to P. b) Your goal new is to test whether a victim host V is running a server that accepts connection to port n (that is, test if V is listening to port n). You wish to hide the identity of your machine A. Hence, A cannot directly send a packet to V, unless that packet contains a spoofed source IP address. Explain how to use the patsy host P to do this. c) How would you change host P to avoid this problem? You are not allowed to modify the TCP/IP protocol or the services running on P. You may only modify the implementation of TCP/IP on host P. 14) Stealth port scanning: Recall that IP packet header contains a 16 bit identification field that is used for assembling packet fragments. IP mandates that the identification field be unique for each packet for a given (sourceIP, DestIP) pair. A common method for implementing the identification field is to maintain a single counter that is incremented by one for every packet sent. The current value of the counter is embedded in each outgoing packet. Since this counter is used for all connections to the host we say that the host implements a global identification field. (1 mark) a) Suppose a host P (whom we'll call the Patsy for reasons that become clear later) implements a global identification field. Suppose further that P responds to ICMP ping requests. You control some other host A. How can you test if P send a packet to anyone (other than A) within a certain one minute window? You are allowed to send your own packets to P. b) Your goal new is to test whether a victim host V is running a server that accepts connection to port n (that is, test if V is listening to port n). You wish to hide the identity of your machine A. Hence, A cannot directly send a packet to V, unless that packet contains a spoofed source IP address. Explain how to use the patsy host P to do this. c) How would you change host P to avoid this problem? You are not allowed to modify the TCP/IP protocol or the services running on P. You may only modify the implementation of TCP/IP on host P.