Question 1
Two interfaces of a router are configured with IP address 192.168.1.1, subnet mask 255.255.255.0, and IP address 192.168.2.1, subnet mask 255.255.255.0. Would the routing table of the router contain any information? Provide explanations.
Answer
When the interfaces are configured with the respective IP addresses and subnet masks, the router performs an AND operation on each IP address and its subnet mask. This yields the network address for the interface. Once the interfaces are configured with the IP addresses and subnet masks, two entries would be available in the routing table: 192.168.1.0 (network address of 192.168.1.1) and 192.168.2.0 (network address of 192.168.2.1).
Question 2
What is the use of a subnet mask in the routing table of a router?
Answer
The subnet mask is used to identify the network address corresponding to the IP packets received on the router. Assume that an IP packet has arrived with the destination IP address 192.168.1.5. The routing table contains the following entry:
192.168.1.0 255.255.255.0
192.168.1.5 would be ANDed with 255.255.255.0, and the router would determine that the destination IP address is a member of the 192.168.1.0 network.
Question 3
A router has two paths to a network with a static route and dynamic routing protocol. Which path would a packet bound to the network take when it reaches the router?
Answer
When there are two paths to the same network, the path with the lower administrative distance is used for forwarding the packet. The AD (Administrative Distance) of a static route is lower than that of dynamic routing protocols, so the packet would take the path that the static route points to.
Question 4
How is a wild card mask interpreted by a router? Explain with an example.
Explanation
Take an example where a router has a wild card mask of 0.0.0.255, which is associated with the IP address 192.168.1.0. A 0 in the wild card mask implies that when a packet is received, the octet corresponding to the value 0 in the wild card mask should be verified. In the above example, the three octets corresponding to the 0s in the wild card mask are 192.168.1, and the 255 implies that the values in the last octet are ignored. So this ACL, whether permit or deny, would look for the network address 192.168.1.0.
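The AND operation from Questions 1 and 2 and the wild card match from Question 4, as an added example that is not part of the original questions. The function names are hypothetical, the sample data is constructed from the addresses used above, and the lookup goes one step beyond the text by preferring the longest mask when several entries match.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value))

def network_address(ip, mask):
    """Bitwise AND of an address and a subnet mask (Questions 1 and 2)."""
    return to_str(to_int(ip) & to_int(mask))

def connected_routes(interfaces):
    """Entries the router holds once its interfaces are configured."""
    return [(network_address(ip, mask), mask) for ip, mask in interfaces]

def lookup(dest, table):
    """AND the destination with each entry's mask and compare with the network.
    Returns the matching (network, mask), longest mask first, or None."""
    matches = [(net, mask) for net, mask in table
               if network_address(dest, mask) == net]
    return max(matches, key=lambda entry: to_int(entry[1]), default=None)

def wildcard_match(packet_ip, acl_ip, wildcard):
    """Wild card mask (Question 4): 0 bits are verified, 1 bits are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF  # invert: bits that must match
    return (to_int(packet_ip) & care) == (to_int(acl_ip) & care)

# Constructed sample data: the two interfaces from Question 1.
INTERFACES = [("192.168.1.1", "255.255.255.0"),
              ("192.168.2.1", "255.255.255.0")]
TABLE = connected_routes(INTERFACES)

if __name__ == "__main__":
    print("routing table:", TABLE)
    print("192.168.1.5 ->", lookup("192.168.1.5", TABLE))
    print("10.0.0.1    ->", lookup("10.0.0.1", TABLE))
    for src in ("192.168.1.77", "192.168.2.77"):
        hit = wildcard_match(src, "192.168.1.0", "0.0.0.255")
        print(src, "matches ACL 192.168.1.0 0.0.0.255:", hit)
```

A destination with no matching entry returns None here; what a router does with such a packet depends on its configuration and is outside what the questions cover.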
Question 5
Can an ACL be used to block a DoS-based IP spoofing attack from random source addresses?
Explanation
An ACL can only be used if the source or destination addresses or networks are pre-defined. If the source addresses are random, an ACL would be ineffective in defending against the attack.
Question 6
If ping is blocked on a system using ACL, does it imply that other communication like TCP or UDP is also disallowed on that specific system?
Explanation
Ping uses ICMP for communication. Blocking ping does not imply that TCP or UDP communication is disallowed, provided the access list allows for the required protocols for communication.