CIS3360: Security in ComputingHomework 21.(35 points) Knowledge-based Questions:a.Although the majority of current botnets use the centralized C&C communicationarchitecture, why they are very hard to shut down even if defenders know all of the botmachines in a botnet?b.Give the name of a real rootkit that utilizes Direct Kernel Object Manipulation (DKOM)technique?c.What is Trojan malware? What is a backdoor?d.What is ARP? In what network layer is ARP being used?e.What is a Smurf attack? What is a SYN flooding attack?f.What are the two major DNS query modes? How many types of resource records aresaved on a DNS server?g.Why it is easy for attacker to send out spoofed packets in the“thin pipe/thick pipe”method while it is very hard for an attacker to inject spoofed packets in a normal TCPcommunication session?•a.Even if defenders know all the infected bot machines in a botnet, shutting it down is difficultbecause of several reasons:1.Bot machines can be distributed across many countries, making legal actions ortakedowns complicated and time-consuming.2.Botnets can use decentralized C&C (command-and-control) structures or peer-to-peer(P2P) networks, where nodes can act both as bots and controllers. This makes it harderto shut down the entirebotnet by targeting a single C&C server.3.Fast-flux techniquesallow attackers to quickly change their C&C server’s IP address,making it harder for defenders to block the botnet effectively.4.Infected machines are often spread across different ISPs andnetworks, making theidentification and removal of infected hosts more challenging.•b.A well-known example of a rootkit that uses theDirect Kernel Object Manipulation (DKOM)technique is theZeus rootkit. It manipulates the Windows kernel to hide its presence andprevent detection by antivirus software.oc.Trojan malware:A Trojan is a type of malicious software that pretends to be alegitimate program but actually contains harmful code designed to compromise thesecurity of the victim’s system. It does not self-replicate like viruses but relies on thevictim's actions to execute.oBackdoor:A backdoor is a method of bypassing normal authentication and securitymechanisms in a system to gain unauthorized access. It allows an attacker to remotelycontrol the system or inject further malicious actions without detection.d.ARP (Address Resolution Protocol)is a protocol used to map a known IPaddress to its corresponding MAC (Media Access Control) address in a localnetwork. ARP operates in theData Link layer (Layer 2)of the OSI model,Preview Mode
This document has 7 pages. Sign in to access the full document!