4). Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests on a system so that it is unable to respond to legitimate connection requests. Consider a server system with a table for 2s6 connection requests. This sys- tem will retry sending the SYN-ACK packet five times when it fails to receive an ACK packet in response, at 30 second intervals, before purging the request from its table. Assume that no additiona are used against this attack and that the attacker has filled this table with an initial flood of connection requests. At what rate must the attacker continue to send TCP connection requests to this system in order to ensure remains full? Assuming that the TCP SYN packet is 40 bytes in size (ignoring framing overhcad) bandwidth does the attacker consume to continue this attack? 5). SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over TCP. A TCP connection is set up between a user agent and a server program. The server listens on TCP port a packet filter rule set allowing inbound and outbound SMTP traffic. You generate the following rule set 25 for incoming wish to build Direction Addr Extermal Addr Internal 1023Permit External xternal 25 1023 a). Describe the effect of each rule. b). Your host in this example has IP address 172.16.1.1. Someone tries to send c-mail from a remote host with . address 192.168.3.4. If successful, this generates an SMTP dialogue between the remote user and the SMTP server your host consisting of SMTP commands and mail. Additionally, assume that a user on your host tries to send e-m to the SMTP server on the remote system. Four typical packets for this scenario are as shown: Packet Direction Sre Addr Dest Addr Protocol Dest Port 25 1234 25 1357 In 192.168.3.4 172.16.1. 172.16.1.I 192.168.3.4 192.168.3.4 172.16.1.1 TCP TCP TCP Out In 192.168.3.4 1 Indicate which packets are permitted or denied and which rule is used in each case c). Someone from the outside world (10.1.2.3) attempts to open a connection from port $150 on a remote hos Web proxy server on port 8080 on one of your local hosts (172.16.3.4) in order to carry out an attack. Typical are as follows Dest Port 8080 Packet Direction Src Addr Dest Addr In 10.1.2.3 172.16.3.4 TCP 172.16.3.4 10.1.2.3 TCP 5150 ill the attack succeed? Give details