
n o RTT RTT RTT + + + = ! 1 6 o o n RTT RTT RTT RTT + + + + 2 1 ! n o RTT RTT RTT + + + = ! 1 3
Chuah ECS152A/EEC173A

3. (20 points) DNS

(a) (4 pt.) What is a whois database?

For a given input of domain name (such as ccn.com), IP address or network administrator name, the whois database can be used to locate the corresponding registrar, whois server, DNS server, and so on.

(b) (4 pt.) Use the ARIN whois database to determine the IP address range used by your university.

    UCDAVIS1 ( NET-192-82-111-0-1 ) 192.82.111.0 - 192.82.111.255
    UCDAVIS ( NET-128-120-0-0-1 ) 128.120.0.0 - 128.120.255.255
    UCDMC ( NET-152-79-0-0-1 ) 152.79.0.0 - 152.79.255.255
    UCDAVIS2 ( NET-169-237-0-0-1 ) 169.237.0.0 - 169.237.255.255

(c) (4 pt.) Use nslookup to find a Web server that has multiple IP addresses. Does the web server of your university have multiple IP addresses?

157.166.255.18, 157.166.255.19, 157.166.226.25, 157.166.226.26
only has one IP address: 128.120.33.39

(d) (4 pt.) Describe how an attacker can use whois databases and the nslookup tool to perform reconnaissance on an institution before launching an attack.

An attacker can use the whois database and nslookup tool to determine the IP address ranges, DNS server addresses, etc., for the target institution.

(e) (4 pt.) Discuss why whois databases should be publicly available.

By analyzing the source address of attack packets, the victim can use whois to obtain information about the domain from which the attack is coming and possibly inform the administrators of the origin domain.

4. (12 points) dig & DNS Cache.

(a) (6 pt.) Use the tool dig available on Unix and Linux hosts to explore the hierarchy of DNS servers. Recall that a DNS server higher in the DNS hierarchy delegates a DNS query to a DNS server lower in the hierarchy, by sending back to the DNS client the name of that lower-level DNS server. First read the man page for dig (in particular, the option dig +norecurse).

Starting with a root DNS server (one of the root servers [a-m].root-servers.net), initiate a sequence of queries for the IP address of your department's Web server by using dig. Show the list of the names of DNS servers in the delegation chain in answering your query.

First command: dig +norecurse @a.root-servers.net any

    ;; AUTHORITY SECTION:
    edu. 172800 IN NS l.edu-servers.net.
    edu. 172800 IN NS c.edu-servers.net.
    edu. 172800 IN NS d.edu-servers.net.
    edu. 172800 IN NS g.edu-servers.net.
    edu. 172800 IN NS a.edu-servers.net.
    edu. 172800 IN NS f.edu-servers.net.
Among all returned edu DNS servers, we send a query to the first one.
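
As an added example (not part of the original solution), the sketch below applies the idea from 3(e) to the ARIN ranges listed in 3(b): it parses the whois net-range lines into CIDR blocks and maps a source address seen in logs to the registered network it belongs to. The function names and the sample addresses other than 128.120.33.39 are assumptions made for illustration.

```python
import ipaddress
import re

# ARIN whois net-range lines exactly as listed in the answer to 3(b).
ARIN_OUTPUT = """\
UCDAVIS1 ( NET-192-82-111-0-1 ) 192.82.111.0 - 192.82.111.255
UCDAVIS ( NET-128-120-0-0-1 ) 128.120.0.0 - 128.120.255.255
UCDMC ( NET-152-79-0-0-1 ) 152.79.0.0 - 152.79.255.255
UCDAVIS2 ( NET-169-237-0-0-1 ) 169.237.0.0 - 169.237.255.255
"""

# org name, NET handle in parentheses, then "first - last" address range.
LINE_RE = re.compile(
    r"^(?P<org>\S+)\s+\(\s*(?P<handle>NET-[\d-]+)\s*\)\s+"
    r"(?P<first>[\d.]+)\s+-\s+(?P<last>[\d.]+)$"
)

def parse_netblocks(text):
    """Return [(org, handle, [IPv4Network, ...]), ...], one entry per range line."""
    blocks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a net-range line
        first = ipaddress.IPv4Address(m["first"])
        last = ipaddress.IPv4Address(m["last"])
        # A whois range is not always one CIDR; reduce it to the minimal set.
        cidrs = list(ipaddress.summarize_address_range(first, last))
        blocks.append((m["org"], m["handle"], cidrs))
    return blocks

def attribute(ip, blocks):
    """Return (org, handle, cidr) for the most specific block holding ip, else None."""
    addr = ipaddress.ip_address(ip)
    hits = [(org, handle, net)
            for org, handle, cidrs in blocks
            for net in cidrs if addr in net]
    return max(hits, key=lambda h: h[2].prefixlen) if hits else None

if __name__ == "__main__":
    blocks = parse_netblocks(ARIN_OUTPUT)
    # 128.120.33.39 is from 3(c); the other two are constructed sample addresses.
    for src in ["128.120.33.39", "169.237.4.10", "203.0.113.7"]:
        print(src, "->", attribute(src, blocks))
```

An address that falls in none of the parsed blocks returns None, which is the cue to run a fresh whois query for it rather than guess at its origin.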
  • Fall '08
  • Ghoshal
  • IP address, Domain Name System
