Scenario 1: Domain Name System (DNS) Server Denial of Service (DoS)

On a Saturday afternoon, external users start having problems accessing the organization's public websites. Over the next hour, the problem worsens to the point where nearly every access attempt fails. Meanwhile, a member of the organization's networking staff responds to alerts from an Internet border router and determines that the organization's Internet bandwidth is being consumed by an unusually large volume of User Datagram Protocol (UDP) packets to and from both the organization's public DNS servers. Analysis of the traffic shows that the DNS servers are receiving high volumes of requests from a single external IP address. Also, all the DNS requests from that address come from the same source port.

The following are additional questions for this scenario:

1. Whom should the organization contact regarding the external IP address in question?
2. Suppose that after the initial containment measures were put in place, the network administrators detected that nine internal hosts were also attempting the same unusual requests to the DNS server. How would that affect the handling of this incident?
3. Suppose that two of the nine internal hosts disconnected from the network before their system owners were identified. How would the system owners be identified?
Added by Anne L.
Step 1
The organization should contact their Internet Service Provider (ISP) regarding the external IP address in question. The ISP can help trace the origin of the IP address and possibly block it to prevent further attacks. If the attack is severe, the organization may …
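The traffic analysis described in the scenario, as an added example that is not part of the original question or answer: it flags sources that send many DNS queries from a single source port and marks whether each one is internal, which is the distinction question 2 turns on. The log records, the 10.0.0.0/8 internal range and the thresholds are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample records: (source IP, source port, query name).
# Addresses are documentation/private ranges, not values from the scenario.
SAMPLE_QUERIES = (
    [("203.0.113.50", 4444, "example.org")] * 40
    + [("10.0.5.17", 4444, "example.org")] * 12
    + [("198.51.100.7", 50000 + i, "www.example.org") for i in range(6)]
    + [("10.0.5.20", 40000 + i, "mail.example.org") for i in range(5)]
)

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range


def is_internal(ip):
    """True if the address falls inside one of the assumed internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flag_sources(queries, min_queries=10, max_port_ratio=0.1):
    """Return high-volume sources that reuse very few source ports.

    Clients normally pick a fresh ephemeral source port per query, so many
    queries from one fixed port is the anomaly the scenario describes.
    """
    counts = Counter()
    ports = defaultdict(set)
    for src, sport, _qname in queries:
        counts[src] += 1
        ports[src].add(sport)

    flagged = []
    for src, n in counts.most_common():
        distinct = len(ports[src])
        if n >= min_queries and distinct / n <= max_port_ratio:
            flagged.append({"src": src, "queries": n,
                            "distinct_ports": distinct,
                            "internal": is_internal(src)})
    return flagged


if __name__ == "__main__":
    for row in flag_sources(SAMPLE_QUERIES):
        print(row)
```

An internal address in the output changes the response from upstream filtering to containing and examining hosts on the organization's own network.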
Recommended Videos
You have 3 networks (A, B, and C) and 2 routers (Y and Z). Network A has an address space of 10.1.1.0/24 and is connected to router Y, using the interface 10.1.1.1. Network B has an address space of 192.168.1.0/24 and is connected to Router Y, using the interface 192.168.1.254. Network B is also connected with router Z, using the interface of 192.168.1.1. Network C has an address space of 172.16.1.0/24 and is connected to router Z, using the interface 172.16.1.1. The diagram below represents these connections and interfaces.

1. Computer 1 on network C, with IP address of 172.16.1.57, wants to send a packet to Computer 2, with IP address of 172.16.1.133. If the TTL value was set to 64 at the beginning, what is the value of the TTL once it reaches its destination?
   Options: 0, 65, 61, 64
2. What information is in the data payload of the Ethernet frame?
   Options: ART message, Network interface, Handshake, IP datagram
Sri K.
1. What is the role of Domain Name Server (DNS) in a network?
2. What is DNS cache poisoning?
Chandra J.
[Network diagram: routers R1 and R2 with interface addresses 192.168.1.97/27, 192.168.1.98/27, 192.168.1.55/27, 192.168.1.69/28, 192.168.1.129/27, 192.168.1.222/28]

Host 1: IP 192.168.1.35, SM 255.255.255.224, GW 192.168.1.55
Host 2: IP 192.168.1.72, SM 255.255.255.240, GW 192.168.1.69
Host 3: IP 192.168.1.130, SM 255.255.255.224, GW 192.168.1.129
Host 4: IP 192.168.1.225, SM 255.255.255.240, GW 192.168.1.222

In the network diagram above, determine why Host 4 cannot ping Host 1. Explain what happens to the ICMP packets. The IP addresses given above are interface addresses for the routers (with the corresponding mask length given in CIDR notation). They are not subnet addresses. You can reasonably assume that the routers R1 and R2 have advertised the network routes they know about to each other, and each router has learned about network routes by way of the direct connections to their respective networks. Such routes are installed in the routing table for the router and will be advertised to its neighbors.
Akash M.