1. You wish to build a packet-filter ruleset that allows certain inbound and outbound SMTP traffic to your hosts but blocks all other traffic. SMTP is the standard protocol for transferring mails over a TCP connection. The server “listens to” TCP port 25, and a client “listens to” a port above 1023.

You have generated the following ruleset, {A, B, C, D, E}. A packet must satisfy at least one of A to D to override E.

Rule	Direction	Source	Destination	Protocol	Src Prt	Dest Port	Action
A	In	External	Internal	TCP	>1023	25	Permit
B	Out	Internal	External	TCP	25	>1023	Permit
C	Out	Internal	External	TCP	>1023	25	Permit
D	In	External	Internal	TCP	25	>1023	Permit
E	Either	Any	Any	Any	Any	Any	Deny

1. Your host is at the IP address 172.16.1.1. A benign outside source with the IP address 192.168.3.4 tries to send an e-mail to your host. Four typical packets for this scenario are as follows:

Packet	Direction	Source	Destination	Protocol	Src Port	Dest Port	Action
1	In	192.168.3.4	172.16.1.1	TCP	1234	25	?
2	Out	172.16.1.1	192.168.3.4	TCP	25	1234	?
3	Out	172.16.1.1	192.168.3.4	TCP	1357	25	?
4	In	192.168.3.4	172.16.1.1	TCP	25	1357	?

Determine the action that the firewall will take for each packet, i.e., which ones will be permitted and which ones will be denied. Explain your answer.

2. Someone from the outside world (10.1.2.3) attempts to open a connection from port 5150 to the web-proxy on port 8080 on one of your local hosts (172.16.3.4) in order to carry out an attack. The packets involved are as follows:

Packet	Direction	Source	Destination	Protocol	Src Port	Dest Port	Action
5	In	10.1.2.3	172.16.3.4	TCP	5150	8080	?
6	Out	172.16.3.4	10.1.2.3	TCP	8080	5150	?

Will this attack succeed? Explain.