Buffl
Buffl
iLab

Additional

JJ
by Jensen J.

What messages are broadcasted in DHCP and why?

  • discover

    • src 0.0.0.0; dst 255.255.255.255

  • offer

    • src: DHCP, dst: Broadcast

  • Request

    • src: 0.0.0.0, dst: Broadcast

    • -> use server id to let servers know which one was chosen…

  • ack

    • src DHCP; dst Broadcast


Timers DCHPv6

  • preferred lifetime

    • IP can be used without restriction

    • -> if is 0, can still be used but should not for new connections…

  • valid lifetime

    • greater equal preferred

    • -> after this, not valid anymore… (must not be used)

  • and t1, t2,…


DHCPv6 prefix delegation vs address assignment?

  • IA_PD

  • IA_NA


Whas is an IA?

  • identity association

  • construct allowing management and grouping iPv6 addresses or delegated prefixes

  • -> identified with IA_ID

    • -> must be unique AT CLIENT and chosen by client


How is the strcuture of IAs at the client side?-

  • assign at least one IA wiht each interface the client wants an address / prefixes for…

  • contrary, …IA_PD can be assigned to client itself, one interface or mutliple interfaces…

  • -> each with unique (on client side) IA_ID identified..


NAT ICMP in active connection?

  • wont go through

  • have to be filtered and relayed by nat router


Ports and IP in PASV in ftp?

  • client indicates it want to connect to server

  • -> server responds wiht IP and Port it is listening to….


What is the difference between signatures and MACs?

  • signature:

    • uses pub key

  • MAC

    • private (symmetric) key -> increase in MAC…


What are tokens used for?

  • address validatoin


Why use address validatoin?

  • to prevent being misused for amplification attacks

  • -> verify that endpoint is able to receive messages at endpoint it specifies

  • -> used either during connection establishing or connection migration


How are amplificatoin attacks limited in quic?

  • server must not send more than three times the amount of data it received prior to client address validatoin


QUIC what is the difference between path and address validatoin?

  • address validation -> ensure endpoint is able to receive data at specified address

  • path validation -> ensures reachability, only done at connection migration


How is address vaildation done?

  • implicitly during connection establishment

  • prior to handshake with token in retry packet

    • must be included in subsequent client packets

  • server can provide address validatoin token to client for future connections

    • -> Client must use token in future connections unless provided new one with retry packet


Why and when is path validaiton used?

  • used FOR conneciton migration

  • can be used anytime by either endpoint

  • -> started by one endpoint transmitting a path challenge over the new path…

  • -> path response echoes the received data


Join Course
Preview

Author

Jensen J.

Information

Last changed

Report course
© 2023 Buffl GmbH