CS691 S2005 Final Exam Review
Final Exam will be in class 5/12 Thursday 4:30-7pm.
Note that the start time, 4:30pm, is earlier than our usual meeting time!


CS691c S2003 Final Exam
Answer all questions. You have until 3/22 11:59pm to email me your answers.

  1. Firewall
    1. Why are the servers in the DMZ not allowed to initiate connections to systems in the intranet?
    2. What would happen if a machine on the Internet pings a machine in the intranet?
    3. When should we use SNAT instead of MASQUERADE?
    4. How is DNAT used? Is it applied in the PREROUTING or POSTROUTING chain?
  2. IDS
    1. Given the possibility of an inside attack, where should IDS devices be located?
    2. What are the two basic types of IDS devices?
    3. If a hacker changes the content of the TFN DDoS attack message from "1234" to "haha", what new snort rule would you add?
    4. The above scenario indicates a problem with IDS detection based on specific patterns: if the attacker changes the content, the existing rules will produce false negatives. What is your solution to this?
    5. Give three examples of designs or syntax in snort rules that try to improve the efficiency of the intrusion detection process.
    6. Explain how a honeypot can be used to reduce false positives to zero.
  3. Penetration Testing
    1. What are the steps of a systematic hack?
    2. How does nmap detect the OS version?
    3. How do scanning tools evade detection?
    4. Give an example of how fpipe can be used to avoid blocking by the firewall.
    5. How can netcat be used to set up a backdoor connection?
    6. How can the information collected with footprinting, scanning, and enumeration help gain access to the system? Give three examples.
  4. Optional Questions from semester project presentations.