$(20$ pts $)$ You are provided with the following firewall table that uses the ACK bit to determine connection states. The firewall protects an internal network with IP range $192\mathrm{.}168\mathrm{.}1\mathrm{.}0/24$ and allows selective traffic based on the rules below.

$\backslash$table$[[$Rule No$.,$Source IP$,\backslash$table$[[$Destination$],[$IP$]],$Protocol,Port,ACK,Action$],[1,192\mathrm{.}168\mathrm{.}1\mathrm{.}0/24,$ANY,TCP$,80,443,$ANY,Allow$],[2,192\mathrm{.}168\mathrm{.}1\mathrm{.}0/24,10\mathrm{.}0\mathrm{.}0\mathrm{.}0/24,$TCP$,$ANY,$0,$ALLOW$],[3,192\mathrm{.}168\mathrm{.}1\mathrm{.}5,$ANY,TCP$,22,1,$Allow$],[4,$ANY,$192\mathrm{.}168\mathrm{.}1\mathrm{.}5,$TCP$,$ANY,$1,$AlLOW$],[5,$ANY,ANY,ANY,ANY,ANY,DENY$]]$

Assume that an attacker has compromised $192\mathrm{.}168\mathrm{.}1\mathrm{.}5,$ a Linux server inside the network, and is using it as a proxy to establish connections to external hosts. The attacker attempts the following actions:

Use $192\mathrm{.}168\mathrm{.}1\mathrm{.}5$ to initiate a SSH connection to the attacker's external machine at $192\mathrm{.}0\mathrm{.}2\mathrm{.}5.$

Relay data to $10\mathrm{.}0\mathrm{.}0\mathrm{.}10$ on port $8080$ using $192\mathrm{.}168\mathrm{.}1\mathrm{.}5.$

Tasks

I. $(10$ pts$)$ Analyze the Firewall Rules:

a$.$ Determine whether each of the attacker's actions will succeed or fail, providing your reasoning.

b$.$ Identify which firewall rules are applied in each case.

II$.(5$ pts$)$ Propose a Defense:

Suggest modifications to the firewall rules to prevent the attacker's activities while maintaining legitimate access for internal users.

III. $(5$ pts$)$ ACK Bit Use:

Explain the role of the ACK bit in Rule $4$ and how it impacts traffic to $192\mathrm{.}168\mathrm{.}1\mathrm{.}5.$