Question
A student wants to capture the first packet sent after the 3-way handshake from a Conficker binary to the web-based C&C server. Of course, this binary will generate a large number of randomly generated domains. Towards this end, the student leverages an open-source DNS relay and configures the Conficker-infected host to use this DNS relay as its recursive DNS server. The student instruments the DNS relay to directly answer all DNS requests generated by the infected host.
i. Scenario-1: The DNS responses (answers) will contain two IP addresses of two web servers that are managed by this student. Will this student be able to capture the first packet after the 3-way handshake initiated from the Conficker-infected host to his/her server? Justify your answer.
ii. Scenario-2: The DNS responses (answers) will contain one IP address of one web server that is managed by this student. Will this student be able to capture the first packet after the 3-way handshake initiated from the Conficker-infected host to his/her server? How many such packets can be observed if your answer is not 0? Justify your answer.