(BGP hijacking) What is the classification by affected prefix? - ANS-Attacks on IP prefixes
advertised through BGP. Includes exact prefix hijacking, sub-prefix hijacking, and
squatting.
(BGP hijacking) What is the classification by AS-path announcement? - ANS-Illegitimate AS
announces an AS-path for a prefix which it does not own. Type-0 (above), Type-N
(above, to create a fake route between ASes), and Type-U (changes the prefix but not the
path)
(BGP hijacking) What is the classification by data plane traffic manipulation? -
ANS-Manipulate the network traffic on its way to the receiving AS. Dropping
(blackholing attack), eavesdropping or manipulating (man-in-the-middle attack), or
impersonating (imposture)
Compare the "enter deep" and "bring home" methods of CDN server placement. -
ANS-Enter Deep: Deploy many small networks around the world. Goal is to make the distance
between the user and the closest server as small as possible
Bring Home: Deploy fewer, larger servers in important areas. Fewer clusters to maintain,
but users will experience higher delay and lower throughput
Compare the bit rate for video, photos, and audio. - ANS-Video > Photos > Audio
Compare the 3 primary methods for dealing with packet loss in VoIP protocols. - ANS-Fast
Error Concealment: transmit redundant information so that lost data can be replaced
Interleaving: Mixes chunks of audio together so that if a bit is lost, the loss is at least not
consecutive. Prefer many small gaps to 1 big gap
Error concealment: "guessing" what the lost audio packet is. In small snippets there is
similarity between consecutive portions. (what allows for compression)
Describe a Reflection and Amplification attack. - ANS-Attack uses a set of servers (reflectors)
to send responses to requests. Master has slaves send spoofed requests to reflectors, directed at
the victim.
Describe the DNS message format. - ANS-ID: So the client can match queries with
responses
Flags: Specifications about the DNS message, query, and so on
Question: Info about the query, like the hostname
Answer: Resource record for the hostname that was queried
Authority: Resource records for more authoritative servers
Additional Info
Explain a scenario of connectivity disruption detection in the case of inbound blocking. -
ANS-When filtering occurs on the path from the site to the reflector.
Step 3 never reaches the reflector, so the IP ID of the reflector never increases.
Difference in IP ID between steps 1 and 4 is 1, meaning there has been filtering on the path from
the site to the reflector.
Explain a scenario of connectivity disruption detection in the case of outbound blocking. -
ANS-Filtering happens on the outgoing path from the reflector.
IP ID increments in step 3, but the RST never reaches the site.
Site continues to send SYN-ACKs.
Probe by the machine shows the IP ID has again increased by 2, meaning retransmission of
packets has occurred
Explain a scenario of connectivity disruption detection in the case when no filtering happens. -
ANS-Measurement machine probes the IP ID of a reflector
Measurement machine performs perturbation by sending a spoofed TCP SYN to the
site
Site sends a TCP SYN-ACK packet to the reflector and receives a RST in response. IP ID of
the reflector is incremented by 1
MM again probes the IP ID of the reflector. It sees a difference of 2 between steps 1 and 4, which
means communication occurred between the hosts
Explain buffer-filling rate and buffer-depletion rate calculation. - ANS-Buffer-filling rate:
network bandwidth divided by chunk bitrate
Buffer-depletion rate: how much buffer is lost (watching a video = 1, 1 sec to
watch 1 sec of video)
Explain IXP blackholing. - ANS-If an AS member of an IXP is attacked, it sends a blackholing
message to the IXP route server. The route server announces the message to all connected IXP
member ASes, which drop the traffic towards the blackholed prefix. The null interface is designated
by the IXP.
Explain provider-based blackholing. - ANS-Victim AS uses BGP to communicate the attacked
destination prefix to the upstream AS, which drops the attack traffic toward this prefix.
Provider will advertise a more specific prefix and modify the next-hop address to
divert attack traffic to a null interface.
Explain the distributed system that uses a 2-layered system. What are the challenges
of this system? - ANS-Coarse-grained global layer: Operates at large time scales.
Has a global view of client quality metrics. Builds a prediction model of video
quality
Fine-grained per-client layer: Operates at millisecond timescale. Makes
decisions upon client request
Challenges: Hard to design a centralized system with the scale of today's networks. Needs
data for specific subnet pairs, so some clients need to be routed to sub-optimal
clusters
Explain the problem of bandwidth over-estimation with rate-based adaptation. -
ANS-If bandwidth changes rapidly, the player takes time to converge to the correct estimate
Explain the problem of bandwidth under-estimation with rate-based adaptation. -
ANS-As the bitrate gets lower, chunk size reduces, which results in the bitrate going even
lower
Explain the scenario of hijacking a path. - ANS-Attacker manipulates an
advertisement and claims to have a direct path to an AS (which it does not). Other ASes
adopt the fake path to the AS.
Traffic for the AS is routed via the attacker
Explain the scenario of prefix hijacking. - ANS-Attacker uses a router to
announce a prefix belonging to another AS
Announcement causes conflict among ASes. They compare the announcement with the RIB. If the
announcement leads to a new best route, they believe the announcement and update their
routes.
Traffic meant for the legitimate AS will be sent to the attacker