• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/94

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

94 Cards in this Set

  • Front
  • Back

Why use authentication?

– Possible to demonstrate who you are to access resources



– No one should be able to read and/or manipulate our data

Alice and Bob in a two-way communication using asymmetric key cryptography. Who needs to know what key?

Two pairs: Alice needs to know her private key and the public key of both of them. Bob needs to know his private key and both public keys as well.

Mutual authentication scenario



1. A sends challenge R_a (random number)



2. B responds with R_b and E(R_a)



3. A responds with E(R_b)



What are the two attacks?

1. When Eve receives R_a from A she instead sends that challenge to B and forwards response from B to A. Drop B and continue with A.



2. When receiving challenge from A, open a new connection with A and reflect it.

How to protect against SYN-flooding?

Stream Control Transmission Protocol. Uses a 4-way handshake. Server sends a cookie to the client before it consumes any resources.

What is a smurf attack?

Attacker sends tailored ICMP messages to the broadcast address of a network. All the hosts will issue ICMP reply and flood the network.

What two basic functions does the router perform?

1. Switching: forward packets between interfaces


2. Discovery: exchange reachability info between routers

Which planes does the router operate in?

Switching (move packets between devices on the same network) in the data plane.



Routing (move between different networks) in the control plane.

How does the DNS read an URL?

DNS a tree structured system, you read the URL from right to left.

How does zone delegation work?

It is a delegation of trust. The .se NS trusts the .kth.se NS to resolve any *.kth.se.



The .se domain has no control over the kth-domain, other than the delegation.

In symmetric encryption, what is the difference between Block Ciphers and Stream Ciphers?

Block ciphers process per block of data



Stream ciphers process messages per bit or byte

A is a gateway, B is a sensor and C is a controller. Uses symmetric cryptography.



A needs to pass a collection of measurements to C. This must be authenticated and confidential. Also, C must be active and authenticated before the transmission. Design a protocol.

Use of signed ping with timestamp or nonce to check activity.



A: n ← E_KAC{RNG, tA}



A→ C: n, H(K_AC, RNG, tA, n)



After reception and decryption



C→ A: E_KAC{tC}, H{KAC, RNG, tC}



Then A sends like the usual protocol.

Why doesn't BGP suffer from the count to infinity problem?

A router with BGP receives the whole path to the destination that the neighbor uses. Thus the way is checked.

If Alice wants to communicate with Bob, what are the two types of threats?

- Passive attacks: tries to reach the goal without affecting the data



- Active attacks: tries to break the system

Alice and Bob in a two-way communication with symmetric key cryptography. How many keys are needed?

One symmetric key which both need to know.

How does the SYN-flooding work?

Abuses 3-way handshake (TCP) and opens many half-open connections.



Without an attack:


1. SYN


2. SYN-ACK


3. ACK

How does block ciphers work?

Encrypt a block of input to a block of output. A permutation of strings, i.e. exists an inverse function E^(-1).

How does key establishment work?

Two parties agree on a secret key to build a secure communication channel. A sub-task of entity authentication.

How are authentication servers vulnerable?

- Nothing guarantees the freshness of messages.



- An attacker can access a user's authentication token and log into the system. Possible solution: 2FA

How to ensure that a message is not a replay of an old message?

Through challenge-response authentication.



1. send challenge



2. send response that indicates freshness → use of time constraints, if message doesn't arrive on time, AUTH fails

A is a gateway, B is a sensor and C is a controller with symmetric cryptography. How can A verify the authenticity and sequence integrity of each measurement from B, while the data is kept confidential?

Message sent by B: m



Keyed hash, symmetric key K_AB



Identities of sender and receiver should be included. For integrity purposes, include the internal clock or seq. number. Encrypt m and send the ciphertext and keyed hash.



A: c ← K_AB{m,A,B,seq}



A → B: c, H{K_AB,A,B,seq, c}



Check if timestamp less than own clock

How can nonces and timestamps be used to check for activity and authentication?

— Sending a nonce and timestamp can be used for authentication before transmission.


Both parties check their exchanged clock values to see if the difference is below a threshold.


— This type of challenge should be linked to the response, such as in a keyed hash.

Asymmetric key: host A communicates with host B. Both hosts have only their own public and private key. A needs to ping B. Assume synchronization (tA=tB) . Design a protocol.

Signed ping with timestamp or nonce. Needs to have B's certificate (public key) in the reply message.

How is a secure protocol for A pinging B protected against attacks?

A man-in-the-middle cannot tell who is B and whether its public key is B's. Use of a CA to give out public keys. Can also use a third party (not CA) trusted by both A and B.

What is the entropy of a password?

H = L*log2(N)



L = length of the password


N = size of the alphabet used

What are the security goals?

1. Confidentiality: no one can read



2. Integrity: no one can manipulate



3. Availability: can access on demand

Why use authorization?

To manage rights to perform a task.

What is non-repudiation?

Nobody can deny nor manipulate the content.

What is FHSS?

Frequency Hopping Spread Spectrum, to rapidly switch a carrier and become more resistant to interference.

What are the basic BotNet architecture?

1. BotMaster: needs to be online only briefly



2. Handlers: control over the BotNet. Master commands the handler



3. Stepping stone: proxy, projects the master. Traffic between master and handler through these



4. Zombie machines: infected and recruited to the BotNet

Which three tasks does a router perform in the data plane additionally?

1. Drop packets due to congestion



2. Delay packets for QoS



3. Transform packets for encapsulation/tunneling

How does stream ciphers work?

1. Start with secret a secret key ("seed")



2. Generate a keying stream which is a function of the key and previous cipher text bits



3. Combine the steam with the text to produce the cipher text

How can two users that have never met before communicate securely?

Through an authentication server. An AS is like a DB with names. Trusted to behave honestly.

How is confidentiality, integrity (the seq.) and authenticity (of the origin) achieved?

C: through encryption



I: through cIock values



A: through keyed hashes

If A frequently pings B and prefer to use a symmetric key scheme. What measures needs to be taken?

Encrypt the key, sign, and make sure it's a protocol that allows A to transmit a symmetric key to B.

What is the probability to transmit exactly 78% of the messages confidentiality when there are two transmissions?

Need to hit it on one slot while avoid the other.



0.5 × 100% + 0.5 × 56% = 78%



Pr(78%) = (2 over 1)Pr(Hit)(1-(Pr(Hit)) = 0.42



and since the total confidential rate is 0.49



Pr(at least 78%) = 0.42 + 0.49 = 0.91

Compared to the protection against jamming, is FHSS a suitable technique for confidentiality with respect to eavesdropping?

No, it is not. Even though jamming attacks would need more power to disturb the channels, it is easier to listen (attack) to the channel.

What kind of solutions to eavesdropping in FHSS are there?

Good solutions in the physical and higher layers for the confidentiality. Anti-jamming techniques are rather limited.

Name some possible solutions to the problem of eavesdropping at the physical and higher layers.

Physical layer: information theoretical security



Advantages: does not require any secret shared key or sequence and is proven, unbreakable security


Disadvantages: cannot be applied everywhere and requires channel state information



Higher layers: cryptography

If each BGP router could issue its own private-public key, would this solve authentication problems?

No, unless a trusted third party such as a public key infrastructure (PKI) certifies the public key.

How is asymmetric keys used for encryption and decryption?

Alice encrypts the message with Bob's public key



Bob decrypts with his private key

How would a key transport protocol look like if Alice uses Bob's public key to provide a new shared symmetric key and authenticate herself. Assume sequence Si they both remembers and that Bob knows Alice's public key. The protocol is one-way from A to B.

E_PKB{K_AB}, S{i+1},Sig_Ka{S{i+1},K_AB}

Connect two hosts A and B over a WLAN system. Assume B wants to authenticate host A based on the following challenge-response protocol:



B: challenge ← RNG



B: challenge → A



A: response ← E_privA(challenge)



A: response → B



B: E_pubA(response) == challenge




Does it offer mutual authentication?

No, only A is authenticated. A must also challenge B.



B: challenge_B ← RNG



B: challenge_B → A



A: response_A ← E_privA(challenge_B)



A: challenge_A ← RNG



A: (response_A, challenge_A) → B



B: E_pubA(response_A) == challenge_B



B: response_B ← E_privB(challenge_A)



B: response_B → A



A: E_pubB(responseB) == challenge_A

Connect two hosts A and B over a WLAN system. The nodes want to exchange a large amount of data in an efficient manner and ensure integrity, sender authenticity, non-repudation, and confidentiality.



Design a protocol.

A: Ks ← Gen_Ks (generate session key)



A: N_a ← RNG



A: k ← E_pubB(A, B, N_a, tA, Ks)



A: c ← E_Ks(m)



A: h ← H(c, k)



A: s ← E_privA(h)



A: (k, c, s) → B



B: (A, B, N_a, tA, Ks) ← E_privB(k)



B: h ← H(c, k)



B: E_pubA(s) == h



B: m ← D_Ks(c)



Consider an attacker that compromises machines and establishes a BotNet in the different networks. The attacker compromises all machines (hosts) in the following three subnets, and the links all converges to a single link that connects to the rest of the Internet.



1. net-1: 47.209.137.64/27 (12 Mbps)


2. net-2: 30.160.66.192/27 (10 Mbps)


3. net-3: 132.223.236.0/23 (5 Mbps)



A TCP SYN attack is launched, each packet 60B long. The server allocates 256B upon receipt of a SYN packet and can allocate at most 8 GB of RAM for the received packets.



How many hosts are under the control of the BotMaster and can be orchestrated to attack?


2^5 + 2^5 + 2^9 = 576 hosts.



It's also correct if the first (i.e. netmask) and the last (i.e. broadcast) IP addresses are considered invalid. Then the number should be changed but somewhat similar to the one above

Consider an attacker that compromises machines and establishes a BotNet in the different networks. The attacker compromises all machines (hosts) in the following three subnets, and the links all converges to a single link that connects to the rest of the Internet.



1. net-1: 47.209.137.64/27 (12 Mbps)


2. net-2: 30.160.66.192/27 (10 Mbps)


3. net-3: 132.223.236.0/23 (5 Mbps)



A TCP SYN attack is launched, each packet 60B long. The server allocates 256B upon receipt of a SYN packet and can allocate at most 8 GB of RAM for the received packets.



Can the attacker clog the 10 Gbps link of the server?

12 * 2^5 + 10 * 2^5 + 5 * 2^9 = 3264 Mbps



No. This is less than the link capacity.

Consider an attacker that compromises machines and establishes a BotNet in the different networks. The attacker compromises all machines (hosts) in the following three subnets, and the links all converges to a single link that converges into a link that connects to the rest of the Internet.



1. net-1: 47.209.137.64/27 (12 Mbps)


2. net-2: 30.160.66.192/27 (10 Mbps)


3. net-3: 132.223.236.0/23 (5 Mbps)



A TCP SYN attack is launched, each packet 60B long. The server allocates 256B upon receipt of a SYN packet and can allocate at most 8 GB of RAM for the received packets.



What is the maximum outgoing SYN packet rate the attacker can blast from each subnet?

For the first subnet:



(12 * 2^5 Mbps)/(60 bytes) = 838860 SYN/s

Consider an attacker that compromises machines and establishes a BotNet in the different networks. The attacker compromises all machines (hosts) in the following three subnets, and the links all converges to a single link that converges into a link that connects to the rest of the Internet.



1. net-1: 47.209.137.64/27 (12 Mbps)


2. net-2: 30.160.66.192/27 (10 Mbps)


3. net-3: 132.223.236.0/23 (5 Mbps)



A TCP SYN attack is launched, each packet 60B long. The server allocates 256B upon receipt of a SYN packet and can allocate at most 8 GB of RAM for the received packets.



What is the time to exhaust the RAM allocated for TCP connections?

Example: 1st subnet



(Max_RAM_allocated)/(Amount_of_syn * Server_allocation) = (8 GB)/(838860.8 * 256 B) = 40 s

Consider an attacker that compromises machines and establishes a BotNet in the different networks. The attacker compromises all machines (hosts) in the following three subnets, and the links all converges to a single link that converges into a link that connects to the rest of the Internet.



1. net-1: 47.209.137.64/27 (12 Mbps)


2. net-2: 30.160.66.192/27 (10 Mbps)


3. net-3: 132.223.236.0/23 (5 Mbps)



A TCP SYN attack is launched, each packet 60B long. The server allocates 256B upon receipt of a SYN packet and can allocate at most 8 GB of RAM for the received packets.



What if the server cleans up the Transmission Control Block for semi-open connections that is not yet established after 60 seconds. Use previous answer.

If it takes 40 seconds or 5 second, the server is clogged before any SYN packets can be dropped.

Consider an attacker that compromises machines and establishes a BotNet in the different networks. The attacker compromises all machines (hosts) in the following three subnets, and the links all converges to a single link that connects to the rest of the Internet.



1. net-1: 47.209.137.64/27 (12 Mbps)


2. net-2: 30.160.66.192/27 (10 Mbps)


3. net-3: 132.223.236.0/23 (5 Mbps)



A TCP SYN attack is launched, each packet 60B long. The server allocates 256B upon receipt of a SYN packet and can allocate at most 8 GB of RAM for the received packets.



How can the victim protect itself? Give three alternative countermeasures.

1. Rate limit


2. SCTP


3. Puzzle

Given a local network 192.168.0.1 and network mask 255.255.255.192. There is a connection to a web server via a path of routers (A,B,C,D). The IP address of the web server is 173.194.71.99. The adversary is in the 192.168.2.0/26 network, controlling one machine and wants to launch a DDoS attack against the web server.



The attacker chooses to abuse the ICMP protocol: define the fields of the IP header so that all the hosts of the local network flood the gathered 6 server with spurious traffic.



What type of ICMP packet could be used for this attack? In addition, what should be the values of the following fields of the IP header in order to launch this ICMP attack?


(a) source address


(b) destination address

ICMP broadcast request



Source: 173.194.71.99



Destination: 192.168.2.63 (network broadcast, 255.255.255.255 also OK)

Given a local network 192.168.0.1 and network mask 255.255.255.192. There is a connection to a web server via a path of routers (A,B,C,D). The IP address of the web server is 173.194.71.99. The adversary is in the 192.168.2.0/26 network, controlling one machine and wants to launch a DDoS attack against the web server.



The attacker chooses to abuse the ICMP protocol: it has to define the fields of the IP header so that all the hosts of the local network flood the targeted server with spurious traffic.



Assume that all available IP addresses were allocated to hosts in the local network. How many ICMP packets would be sent to the web server every time the attacker sends a message as the one created previously?

The mask is 26 bits so 6 bits are used for local hosts. The answer is 62 packets (64 - 2).



Given a local network 192.168.0.1 and network mask 255.255.255.192. There is a connection to a web server via a path of routers (A,B,C,D). The IP address of the web server is 173.194.71.99. The adversary is in the 192.168.2.0/26 network, controlling one machine and wants to launch a DDoS attack against the web server.



The attacker chooses to abuse the ICMP protocol: it has to define the fields of the IP header so that all the hosts of the local network flood the targeted server with spurious traffic.



— What is the name of this attack and what countermeasures are there?

Smurf / Amplification attack



Ingress filtering

(a) two neighbouring routers and (b) a topology where each node can be assumed to be a router and each edge is a direct connection between two routers



Assume adversaries are external to the routing infrastructure. Consider the proposal to authenticate routing updates sent to a neighbouring router. Which type of cryptography would be most appropriate? How does intra-AS or inter-AS routing affect your recommendation?

Intra-AS routing: symmetric cryptography is better


(i) can easily create and share symmetric keys with neighbors since they are physically connected


(ii) internal network relatively stable, no need to share keys frequently with new routers


(iii) computing MACs is much cheaper than generating a signature with asymmetric keys



Inter-AS routing, asymmetric cryptography is better


(i) sign an update once and send to all neighbouring AS


(ii) if we'd use symmetric keys, sharing would be difficult with every new and remote router


(iii) not proper to share a symmetric key between two AS without any higher-level authority. No judgement can be made once a router misbehaves (e.g. in case of being compromised).

(a) two neighbouring routers and (b) a topology where each node can be assumed to be a router and each edge is a direct connection between two routers




Use the most appropriate cryptographic primitive of your choice and propose a protocol, independent of specific routing protocols, which A and B should execute in order to authenticate their messages and protect themselves against relayed updates.

Between A and B, use a symmetric key to authenticate an update.



{update, timestamp, H(K_AB, update, timestamp)}

(a) two neighbouring routers and (b) a topology where each node can be assumed to be a router and each edge is a direct connection between two routers



How would you modify (if at all) your protocol to have the same protection for OSPF link-state updates (or advertisements)? Please make sure you properly state your assumptions.

For OSPF, use asymmetric keys to authenticate an advertisement, assuming a public/private key pair for A: KA, kA (of course the public key should be authenticated by e.g. a CA that is trusted by all the routers).



{update, timestamp, Sign_kA(update, timestamp), Cert_CA(KA, A)}



Then all other routers can verify the advertisement with KA.

(a) two neighbouring routers and (b) a topology where each node can be assumed to be a router and each edge is a direct connection between two routers



Consider the Border Gateway Protocol (BGP). Each speaker is supposed to advertise its own destinations/network. Describe how an update from speaker H propagates to D in fig. 2.b. Then, assume that speaker F is compromised. How can it hijack part of the destinations of H. Assume that H has the routes to the destination/network 10.1.0.0/22.

Assuming hop count is the only criteria to select paths.



H -> A: (H)


A -> B,C,G: (A,H)


B -> D: (B,A,H)



D receives F,C,A,H via C->F and F->D but it's longer.



Assuming H has the routes to 10.1.0.0/22, then if F is compromised, F can announce the routes to 10.1.0.0/24 exploiting the longest matching prefix in BGP.

Consider Secure BGP (S-BGP): what is an address attestation [2 examples]?

1. Digitally signed statements used to assert the authenticity of prefix ownership and advertised routes.



2. Each attestation is a signed statement of delegation of address space from one organisation or AS to another.


Consider Secure BGP (S-BGP): what is a route/path attestation and how can they prevent an attack from a router (e.g. modifies updates)?

1. Route attestations are distributed within S-BGP in a modified BGP UPDATE message as a new attribute.



2. Route attestations are signed by each AS as it traverses the network. All signatures on the path sign previously attached signatures (e.g. nested). Hence, the router can validate not only the path but also that:



— the path was traversed through the AS in the order indicated in the path


— no intermediate AS were added or removed by an adversary.

Consider Secure BGP (S-BGP): what is a significant concern for S-BGP in terms of overhead and complexity?

1. S-BGP introduces a message overhead due to certificate exchanges, CRL download, and address attestations.



2. That information can instead be stored in internal servers, managed directly by the ISP and then accessed through out-of-band channels.



3. Although part of this message overhead can be shrunk, sooner drawbacks are still in place such as the computational overhead for generating and validating the signatures or the requirement of a PKI.

What is DNS cache poisoning and what countermeasures are there?

The attacker bruteforces DNS replies to provoke queries.



DNSSEC can prevent it but it's not fully deployed yet. A way to mitigate the attack is to randomise the query ID and source port (27-bit entries instead of 16-bit).

What is DNS rebinding?

— Browser mitigation: refuse to switch to a new IP



— Server side defense: authenticate users with something other than IP and reject unknown HTTP requests

How does zone walking (enumeration) in DNSSEC work?

Fill in the following:



1. DNS is a ...


2. DNS was not ...


3. Query IDs are not ...

1. DNS is a tree with delegated trust



2. DNS was not designed with security in mind



3. Query IDs are not sufficient protection

What are the two modes of operation for wireless networks?

Infrastructure and Ad-hoc mode

What is the infrastructure mode?

– No direct communication between devices


– All traffic goes through the AP


– Security Associations between devices and AP

What is Ad-hoc mode?

– Direct communication and security associations between devices



– No AP is needed

What is a threat agent, an attack vector and security control?

Threat agent: an entity that tries to compromise the system or specific assets



Attack vector: a methodology to launch an attack



Security control: countermeasures we apply to reduce or eliminate vulnerabilities

What is the Same Origin Policy for scripts?

How does a session management hijacking work?

– Attacker creates a session with a known ID


– No need to guess the ID of the victim

What are the three properties of a secure hash function?

1. One-way: x → H(m)



2. Collision resistance: Given m1 ≠ m2, H(m1) ≠ H(m2)



3. Pre-image resistance: Given m1, hard to find m2 such that H(m1) = H(m2)

How does a certification authority (CA) work and what is the root?

RDN = relatively distinguished names

How does certificate revocation work?

Managed with a certificate revocation list (CRL), a form of anti-certificate which cancels a certificate (= blacklist).

How does Pretty Good Privacy (PGP) work?

1. Based on public key cryptography



2. Each user has a set of keys (public/private), which are self-issued (hashed and signature over the hash with the corresponding private key)



3. Keys are self signed: no CA but a web of trust (WOT)

What is the difference between encryption and signing?

Encryption: use the recipient's public key and then the person decrypts with the private key



Signing: use your private key to prove that I'm the only possible sender (don't care who reads the messages)

What are the principles of a PKI?

- Users apply for a certificate with his public key at a registration authority (RA)


- The RA confirms the identity of the users to the CA, which issues the certificate


- The user can now digitally sign a contract which is then checked by a validation authority (VA)


Consider a FHSS scheme with 10 available channels. Nodes transmit over one channel for 200 ms and then pseudo-randomly chooses another of the 10 channels to hop to. No delay and uniform distribution of choice.


The adversary jams 3 channels.



What is the probability that a transmission that lasts 1 second is unjammed? What is the probability that 60% of the transmissions are jammed?

Transmission: n = 1/0.2 = 5 slots



Each slot has the probability of 70% to choose an unjammed channel.



Choosing k unjammed slots:


Pr(K=k) = (n over k)×(p^k)×(1-p)^{n-k}



For 100%: 1×(0.7^5)×(0.3^0)≈17%



For exactly 40% success rate, we need 2 correct transmissions:


Pr(K = 2) = 10 × 0.7^2 × 0.3^3 ≈ 13%



For at most 40%, we need 0, 1 or 2 correct transmissions:


Pr(K=0) + Pr(K=1) + Pr(K=2)


Name one real system that uses Adaptive Frequency Hopping. How many channels does it use?

Bluetooth, with 79 channels

How can two nodes that use AFH manage to communicate in the presence of the jammer?

For the AFH and any FH there should be enough knowledge at both ends of a communication link to hop in the same manner, in order to communicate

Would cars from Zürich be able to travel to in the UK? Explain the chain of trust (certificates) that a British car would check if it received a Swiss certificate in London.

Yes they would because they both trust the European CA.



A Zurich car in London wants to communicate with British cars. It broadcasts its messages and its certificate. The CA certifies that the public key sent is the correct one to decrypt/verify messages from the car. If the receiving car trusts the CA, then it trusts the certificate.

What actions should be taken by which authorities if the German CA gets compromised (i.e. its private key gets compromised).

If CA Z gets compromised then CA X which trusted Z must now declare that it no longer trusts that certificate (using revocation lists). In this example the European CA should revoke the German certificate and consequently all certificates below it.

What are stateful and stateless firewalls?

Stateful firewall/protocol: requires keeping of internal states on the server, e.g. TCP streams.



Stateless firewalls: does not require the server to retain session information or status about communication partners

How can you circumvent the firewall?

By encapsulation (DNS tunneling). Even if the firewall is blocking ICMP messages, these messages can still go through by encapsulating them inside packets allowed by the firewall.

What is the difference between DNSSEC and DNS?

DNSSEC signs (authenticates) replies but does not provide confidentiality

What problems does DNSSEC solve?

Problems related to attacks where an untrusted adversary objects or changes DNS replies. If the user trusts the CA, she can trust the reply.

Alice wants to check-out an e-book. Describe an authentication protocol between Alice (her smartcard) and KTHB. Must ensure freshness and integrity and reassure Alice that she communicates with the KTH server.

Design a challenge-response protocol leveraging asymmetric cryptography. The idea is that Alice should generate a signature of a challenge provided by the server.

How can you secure a network running BGP from prefix hijackings?

Using address attestations (AA) and route attestations (RA).



With AA, each router can only advertise the IP range it's assigned. This is achieved with a PKI infrastructure and with the CA issuing certificates containing the public key and IP range.



With RA, each BGP update certifies that neighbouring AS can only advertise IPs belonging to the issuer of the update.

How does RIP work?

— Intra-domain routing


— No need for a full network knowledge


— Use the hop count as a metric (distance vector algorithm)

How does open shortest path first (OSPF) work?

— Intra-domain routing


— Every node constructs a view of the network topology


— Use link costs

How does link state routing work (LSR)?

— Link state information is broadcasted (flooding) at fixed times and upon detected change



— Each router calculates independently the shortest path to each of the routers (Dijkstra)

How does the border gateway protocol (BGP) work?

Inter-domain routing



— Explicitly provided routing paths, based on policies between ISPs

How does path vector routing (PVR) work?

Each AS advertises the path it prefers to get to a specific AS.

What are some defenses for RIP attacks?

What is IPsec used for?

Security at the network layer. Encrypt/authenticate IP packets. Uses authentication headers (AH) and encapsulating security payload (ESP).

What is a LAND attack?

Local Area Network Denial.



Sending the victim a spoofed TCP SYN packet with the victim's IP address in both source and destination. Can crash several services, back in the days (1997).