Question 1a.

 Running head: QUESTIONS 1
Questions
Student’s Name
Institution of Learning
QUESTIONS 2
Questions
Question 1a. There are many problems which can be seen in this process. Firstly, one
would like to say that reassembly is just a part of fragmentation, but it is not exactly the same.
Intermediate devices do not reassembly, while intermediate routers can do that since they are
able to fragment a single datagram. That is the main difference and the problem when it comes to
reassembling processes with intermediate devices. One would like to say that reassembly on the
final destination has many reasons for being implemented. Firstly, a router cannot see the entire
message or all its fragments because fragments may use various routes in order to get to the
destination. Secondly, this process increases complexity of using routers. Thirdly, it is essential
to wait for the fragments and then send the reassembled message. It slows down the entire
process which makes not reassembled routers work faster, sending all of the fragments quickly
without hesitations, so the receiver gets them on time.
Nevertheless, there are still some problems like the fact that a fragment may be lost, and
it would be impossible to get the entire message unchanged. Also, there may be a potential
danger when utilization data link layer frame capacity between different routers.
Question 1b. In a situation then a sender (Host B) sends TCP fragments using out-oforder sequence number which is higher than it was expected; the receiver (Host A) cannot get
these segments. Hence, the TCP/ IP protocol states about the inability of the receiver to perform
the set task. Then, the segments are being sent to sender again with sequence that can receive
them, and resend to receiver. This way, it is possible to send the data effectively.
Question 2. There is a way to detect APR spoofing attack, taking into consideration the
many times it has been under similar attacks. The problem with APR lies in the absence of
authentication. Hence, attacks on ARP often lead to LAN attacks which are more difficult to deal
QUESTIONS 3
with. There is another problem concerning the fact that ways of dealing with spoofing attacks are
usually passive with analysis of IP mapping or Ethernet which also takes a long time. Hence, it is
difficult to discover, not to mention prevent, the attack. Thus, one would like to recommend an
active technic while detecting ARP spoofing. In this method, it is required to inject ARP request
along with TCP SYN packets. They should be injected into the network; this is done for
inconsistency probe. It would increase the security level greatly, and it is also faster, although
there are some weaknesses, such as difficulty while working with MAC when it comes to
detecting IP addresses.
Question 3. FMS attack has been introduced and analyzed in 2001 (Fluhrer, Mantin, &
Shamir, 2001). When speaking about this attack, one thinks of an attacker using the track of
WEP protected network that may record encrypted packets. Thus, the attacker uses RST bytes
that can be easily predicted. This way, the initialization vector is unprotected which gives the
attacker an ability to get RST 3 bytes as well as keys to all packets.
The Chopchop attack is different from this one because the attacker uses it for decoding
the last M bytes of text. This way, he or she can get the decoded packet. Nevertheless, the root
key is not being revealed during an attack.
Hence, the Chopchop attack requires a four byte CRC32 being appended to the data
before decoding. A four byte has a checksum ICV. Then, the packet that has P checksum is being
used as an element for the polynomial ring F2. In case of correct checksum, P mod
PCRC=PONE holds, and PONE and PCRC are polynomials which are known.
Question 4. This decision can achieve the main purpose of protecting routing
modification attacks. After all, this choice allows guarding update messages, which are being
routed between two symmetric key types distribution approaches. The first approach requires a
QUESTIONS 4
centralized controller to have the needed keys in the BGP routers. After that, it is possible to call
protocols. There is also another approach. In this case, there is no centralized controller. Hence,
the needed keys are being transmitted to the BGP routers by AS.
One would also like to state that BGP’s goal is to advertise the routing path info for IP
prefixes, and in this case, BGP routers have to create TCP connections with different BGP. This
way, it is possible to pass the information as update messages between BGP. Then, in case BGP
router gets many paths with the same prefix, it is able to determine and pick the best one having
its own criteria. It shows that the decision is an effective one, and it was a smart choice of the
company. Although there may be minor issues with prefix advertisement, the benefits exceed the
risks.
Question 5. Snort has a powerful d