We have an internal webserver, used only for testing purposes, at IP address 5.6.7.8 on our internal corporate network. The pack
et filter is situated at a chokepoint between our internal network and the rest of the Internet. Can such a packet filter block all attempts by outside hosts to initiate a direct TCP connection to this internal webserver? If yes, design suitable packet filter rule sets (similar to those shown in the table below) that provides this functionality; if no, explain why a (stateless) packet filter cannot do it.
Table: Packet-Filtering Examples
Rule, Direction, Src address, Dest addresss, Protocol, Dest port, Action
1, In, External, Internal, TCP, 25, Permit
2, Out, Internal, External, TCP, >1023, Permit
3, Out, Internal, External, TCP, 25, Permit
4, In, External, Internal, TCP, >1023, Permit
5, Either, Any, Any, Any, Any, Deny
Table: Packet-Filtering Examples
Rule, Direction, Src address, Dest addresss, Protocol, Dest port, Action
1, In, External, Internal, TCP, 25, Permit
2, Out, Internal, External, TCP, >1023, Permit
3, Out, Internal, External, TCP, 25, Permit
4, In, External, Internal, TCP, >1023, Permit
5, Either, Any, Any, Any, Any, Deny
1 answer:
Answer:
Check the explanation
Explanation:
A packet filter firewall is used as a check point between internal corporate network to the outside internet. It blocks all the inbound traffic from the outside hosts trying to initiate a direct TCP connection to the internal corporate webserver. The network design with firewall is shown in the attached image below:
The figures in the attached image below shows an internal corporate network is protected with a packet filter firewall to minimize the inbound traffic from the external network or an internet. Therefore, the packet filter is used as a check point between the network.
The packet filter blocks all attempts by the outside hosts in order to initiate a direct TCP connection to the internal webserver of the internal corporate network.
Going by the second part of the attached image below can can therefore conclude that:
• Rule 1 specifies that, deny any packet with the destination address 5.6.7.8 if the STN flag of TCP header is set.
• Rule 2 specifies that, allow the inbound email traffic from the external source.
• Rule 3 specifies, allows the Outbound TCP traffic from the internal corporate network.
• Rule 4 specifies, allows outbound Email traffic from the internal corporate network to the external network.
• Rule 5 specifies, block any traffic from any source to the any destination.
You might be interested in
Answer:
<u>The total time elapsed from the time a bit is created (from the original analog signal at Host A) until the bit is decoded (as part of the analog signal at Host B is </u><u>25.11 ms</u>
Explanation:
Host A first converts the analog signal to a digital 64kbps stream and then groups it into 56-byte packets. The time taken for this can be calculated as:
time taken 1=
= (56 x 8) bits / 64 x 10³ bits/s
= 7 x 10⁻³s
time taken 1= 7 ms
The transmission rate of the packet from Host A to Host B is 4 Mbps. The time taken to transfer the packets can be calculated as:
time taken 2= (56 x 8) bits / 4 x 10⁶ bits/s
= 1.12 x 10⁻⁴ s
time taken 2= 112 μs
The propagation delay is 18 ms.
To calculate the total time elapsed, we need to add up all the time taken at each individual stage.
<u /><u> = Time taken 1 + Time taken 2 + Propagation Delay</u>
= 7 ms + 112 μs + 18 ms
= 0.025112 s
= 25.11 ms