Homework 7 - Chapters 7 and 8 (Extra Credit)
Due: Wednesday June 10, 2009 at 11:00am
Since this is an extra credit assignment, no late assignments will be accepted.
Each question is worth 2 points.
- DNS queries are done via UDP. How does a DNS client handle lost UDP
packets (either the query or the reply), since UDP does no retransmission?
- Due to the requirements of the IP layer, UDP packets may be as small as
576 bytes. What happens to the DNS lookup if the name to look up is longer
than 576 bytes?
- Can multiple IP addresses have the same domain name? If yes, explain
the motivation behind allowing this. If no, explain why not.
- Can one IP address be associated with multiple domain names? Explain
why or why not.
- Email addresses are typically of the form username@machine.domain.
How is DNS used to find the appropriate mail server for an email address?
- Why is DNS cache poisoning a concern from a security perspective?
- Describe the difference between IPSec in tunneling mode and in transport
mode.
- Why is transmission encryption more vital for a wireless link than for a
wired link?
- At what level in the protocol stack (e.g., data link, network, etc.) must
a stateful inspection firewall operate? Justify your answer. When answering,
consider which fields of the header a stateful firewall inspects and in which
header (IP, TCP, Ethernet, etc.) those fields are located.
- A corporation requires that all telecommuters use VPNs to connect from
home to the corporate network. Assume that all VPNs use IPSec in ESP tunnel
mode to connect the user from home to the corporate network, but once inside
the network, standard Ethernet is used to deliver data. Bob the CEO is
at home and wishes to send Alice the VP of Human Resources a memo on who
will be laid off in the next round of budget cuts. Does Bob need to use
additional encryption for this memo? Consider who Bob does NOT want to see
the memo and when the memo would be encrypted and when it would be in
plaintext with the default VPN setup.