Guide to TCP/IP: IPv6 and IPv4, Fifth Edition
ISBN 978-1-305-94695-8
Chapter 12 Solutions
Answers to Review Questions
1. False
3. c
5. b
7. d
9. a, b
11. b
13. d
15. a, c
17. b, c
19. d
21. a
23. a
25. a, b, c, d
Hands-On Projects Discussion
Hands-On Project 12-1
In this project, students examine a trace file of an ARP-based reconnaissance probe. As the students scroll through
The following are answers to the questions about Packet #1:
4a. What is the IP address of the device sending out the ARP broadcasts?
10.0.0.1
4b. What hosts were discovered?
10.0.0.49
10.0.0.51
10.0.0.55
Guide to TCP/IP: IPv6 and IPv4, Fifth Edition
ISBN 978-1-305-94695-8
4c. How could this type of scan be used on a small routed network?
Hands-On Project 12-2
In this project, the students examine a TCP-based port scan. The scan is sequential—an easy one to catch. TCP
The answers to the project questions follow:
Packet #1:
3. What TCP flag is set in this packet?
Packet #2:
4. What flags are set in this packet?
Remaining packets:
5a. How obvious is this port probe?
5b. If this probe continues through all the ports, will it detect the DHCP service process?
5c. Based on this set of probes, what ports are active on the destination device?
Hands-On Project 12-3
In this project, the students build and test a filter that detects activity to a port that should be blocked (port 7).
After building the filter, the students use the ch12_Portscan.pcapng file to test the filter.
Hands-On Project 12-4
In this project, the students create a complex filter to look for traffic that uses the standard Back Orifice and Trinoo
port numbers (31337, 31335, and 27444).
Guide to TCP/IP: IPv6 and IPv4, Fifth Edition
ISBN 978-1-305-94695-8
Hands-On Project 12-5
In this project, the students examine an operating system (OS) scan that was run by an Nmap attacker. The attack
The answers to the project questions follow:
3. Who are the top three talkers?
5a. What is the host name that is resolved?
5b. What is the probable IPv4 address of the attacker?
10.1.0.103
5c. What is the probable IPv4 address of the attacked?
5d. How do the IPv4 addresses you identified in items b and c above correlate to the top talkers list you made in
Step 3?
Hands-On Project 12-6
In this project, the students examine an OS scan that was run by an Nmap attacker. The attack was targeting a
specific IPv6 host. Looking at the IPv6 top talkers and DNS reverse lookup query and query response, it can be
The answers to the project questions follow:
3. Who are the top three talkers?
5a. What is the host name that is resolved?
5b. What is the probable IPv6 address of the attacker?
Cannot be determined by simply looking at the DNS PTR query, as the DNS PTR query was based on the attacker
5c. What is the probable IPv6 address of the attacked?
2001:db8:1ab:ba5e::109
5d. How do the IPv6 addresses you identified in b & c above correlate to the top talkers list you made in step 3?
Guide to TCP/IP: IPv6 and IPv4, Fifth Edition
ISBN 978-1-305-94695-8
Case Projects Discussion
Case Project 12-1
You should protect against the following port numbers:
• TCP 21 – FTP
• TCP 22 – SSH remote login
To test your firewall, use the test-attack-tune cycle as many times as necessary until you get to the point where no
changes are needed from one iteration to the next.
Case Project 12-2
Following the “Protecting the Perimeter of the Network,” “Major Firewall Elements,” “Basics of Proxy Servers,”
“Implementing Firewalls,” and “Step-by-Step Firewall Planning and Implementing” sections in the chapter,
students will research firewall technologies as to what other services they provide that their current platform does