3. Present, with a sequence diagram, an efficient network scan, which identifies SYN-ACK amplifiers in a large block of IP addresses (e.g., the entire Internet). In this question, the scan should be simple and efficient rather than stealthy; a later question will ask for a stealthy scan. The amplifiers may be in any of the 216 ports of each of the IP addresses. Consider (realistically) that many IP addresses do not respond with SYN-ACK at all (no host, blackholed IP, filtered host, no TCP). No need to consider possible rate limiting mechanisms that block excessive scanning of a given network. 4. First, design a scan to find what we refer to as helper hosts, e.g., at IP 9.9.9.9, that (1) run HTTP (web) server (on TCP port 80) and DNS server (on UDP port 53), (2) are global-IP-ID-incrementing, and (3) are behind RST-dropping router (FW). Design and explain, using a sequence diagram a scan for helper hosts. This scan does not have to 2 be stealthy, i.e., the scanner sends in the scan packets using its correct IP address (and hence can receive responses). 1. A SYN-ACK amplifier is a TCP server listening on a given port, that re-send its SYN-ACK handshake message when it does not receive an ACK (or RST) response. For simplicity, assume SYN-ACK amplifiers retransmit after one second, and repeats this up to 10 times if necessary. Illustrate the use of a SYN-ACK amplifier for a bandwidth DoS attack (you can use as a template). Note: Assume that the victim 1 Figure 1: A template sequence diagram. is 'behind' a RST-dropping router (FW), i.e., a router which drops all RST packets