$= 6\,RTT_o + RTT_1 + \cdots + RTT_n$

$2\,RTT_o + RTT_o + RTT_1 + \cdots + RTT_n = 3\,RTT_o + RTT_1 + \cdots + RTT_n$
Chuah ECS152A/EEC173A 3

3. (20 points) DNS

(a) (4 pt.) What is a whois database?

For a given input of domain name (such as ccn.com), IP address or network administrator name, the whois database can be used to locate the corresponding registrar, whois server, DNS server, and so on.

(b) (4 pt.) Use the ARIN whois database to determine the IP address range used by your university.

UCDAVIS1 (NET-192-82-111-0-1) 18.104.22.168 - 22.214.171.124
UCDAVIS (NET-128-120-0-0-1) 126.96.36.199 - 188.8.131.52
UCDMC (NET-152-79-0-0-1) 184.108.40.206 - 220.127.116.11
UCDAVIS2 (NET-169-237-0-0-1) 18.104.22.168 - 22.214.171.124

(c) (4 pt.) Use nslookup to find a Web server that has multiple IP addresses. Does the web server of your university have multiple IP addresses?

126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11
only has one IP address: 18.104.22.168

(d) (4 pt.) Describe how an attacker can use whois databases and the nslookup tool to perform reconnaissance on an institution before launching an attack.

An attacker can use the whois database and the nslookup tool to determine the IP address ranges, DNS server addresses, etc., for the target institution.

(e) (4 pt.) Discuss why whois databases should be publicly available.

By analyzing the source address of attack packets, the victim can use whois to obtain information about the domain from which the attack is coming and possibly inform the administrators of the origin domain.

4. (12 points) dig & DNS Cache.

(a) (6 pt.) Use the tool dig available on Unix and Linux hosts to explore the hierarchy of DNS servers. Recall that a DNS server higher in the DNS hierarchy delegates a DNS query to a DNS server lower in the hierarchy, by sending back to the DNS client the name of that lower-level DNS server. First read the man page for dig (in particular, the option dig +norecurse).
Start with a root DNS server (from one of the root servers [a-m].root-servers.net), initiate a sequence of queries for the IP address for your department’s Web server by using dig. Show the list of the names of DNS servers in the delegation chain in answering your query.

First command: dig +norecurse @a.root-servers.net any

;; AUTHORITY SECTION:
edu. 172800 IN NS l.edu-servers.net.
edu. 172800 IN NS c.edu-servers.net.
edu. 172800 IN NS d.edu-servers.net.
edu. 172800 IN NS g.edu-servers.net.
edu. 172800 IN NS a.edu-servers.net.
edu. 172800 IN NS f.edu-servers.net.
Among all returned edu DNS servers, we send a query to the first one.
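The referral-following procedure from 4(a), written out as an added example that is not part of the original solution: it reads the AUTHORITY SECTION of each dig +norecurse reply, takes the first name server listed, and queries it next until an ANSWER SECTION appears. The function names are this example's own, it asks for an A record rather than the "any" type used in the command above, and the name to look up is supplied by the caller.

```shell
#!/bin/sh
# Added example: trace a DNS delegation chain with non-recursive dig queries.

# Print the records of one section (ANSWER, AUTHORITY, ...) of dig output on stdin.
dig_section() {
    awk -v hdr=";; $1 SECTION:" '
        index($0, hdr) == 1   { in_sec = 1; next }
        /^;;/ || NF == 0      { in_sec = 0 }
        in_sec                { print }'
}

# Print the distinct name servers a referral delegates to, in order.
authority_ns() {
    dig_section AUTHORITY | awk '$4 == "NS" && !seen[$5]++ { print $5 }'
}

# Follow referrals for NAME from START (default: a root server), always
# querying the first server returned, as the solution above does.
walk_delegation() {
    name=$1 server=${2:-a.root-servers.net} hops=0
    while [ "$hops" -lt 10 ]; do          # bound the walk against referral loops
        echo "querying @$server"
        out=$(dig +norecurse "@$server" "$name" A) || return 1
        answer=$(printf '%s\n' "$out" | dig_section ANSWER)
        if [ -n "$answer" ]; then printf '%s\n' "$answer"; return 0; fi
        next=$(printf '%s\n' "$out" | authority_ns | head -n 1)
        [ -n "$next" ] || { echo "no referral from $server" >&2; return 1; }
        server=${next%.} hops=$((hops + 1))
    done
    echo "gave up after $hops referrals" >&2; return 1
}

# Constructed sample: the start of the root server's referral shown above.
SAMPLE=';; AUTHORITY SECTION:
edu. 172800 IN NS l.edu-servers.net.
edu. 172800 IN NS c.edu-servers.net.
edu. 172800 IN NS d.edu-servers.net.'

if [ "$#" -gt 0 ]; then
    walk_delegation "$@"                     # live trace: needs dig and network access
else
    printf '%s\n' "$SAMPLE" | authority_ns   # offline: parse the sample referral
fi
```

Run with a host name as the first argument to print each server queried along the chain; run without arguments to parse the embedded sample only.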
- Fall '08
- IP address, Domain Name System