Question

You're implementing a firewall to filter incoming traffic to a web server. Which aspect of the TCP 3-way handshake can be used to differentiate legitimate web traffic from potential exploits? (1.0 Marks)

  1. The sequence number included in the SYN packet.

  2. The destination port number specified in the SYN packet (e.g., port 80 for HTTP).

  3. The source IP address of the SYN packet.

  4. The flags set in the SYN packet (e.g., URG, PSH, etc.).

  5. The combination of source and destination IP addresses and ports.


Solution

The aspect of the TCP 3-way handshake that can be used to differentiate legitimate web traffic from potential exploits is the flags set in the SYN packet (e.g., URG, PSH, etc.).

Here's why:

  1. The sequence number included in the SYN packet: This is not a reliable method to differentiate legitimate traffic from potential exploits. The sequence number is a random number and does not provide any information about the legitimacy of the traffic.

  2. The destination port number specified in the SYN packet (e.g., port 80 for HTTP): This can be used to identify the type of service the client is trying to access (e.g., HTTP, HTTPS, FTP, etc.), but it does not provide any information about the legitimacy of the traffic.

  3. The source IP address of the SYN packet: This can be used to identify the source of the traffic, but it does not provide any information about the legitimacy of the traffic. Moreover, the source IP address can be spoofed.

  4. The flags set in the SYN packet (e.g., URG, PSH, etc.): This is the most reliable method to differentiate legitimate traffic from potential exploits. Different flags are used for different purposes in the TCP protocol. For example, the SYN flag is used to initiate a connection, the ACK flag is used to acknowledge the receipt of a packet, etc. By analyzing these flags, a firewall can differentiate between legitimate traffic and potential exploits.

  5. The combination of source and destination IP addresses and ports: This can be used to identify the source and destination of the traffic, but it does not provide any information about the legitimacy of the traffic. Moreover, both the source IP address and port can be spoofed.
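One way a packet filter could apply the flag check from item 4 to a segment that matches no tracked connection, as an added example that is not part of the original solution. The function names, verdict strings and sample headers are constructed for illustration.

```python
import struct

# TCP flag bits (byte 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def make_header(flags, sport=40000, dport=80, seq=1000):
    """Build a constructed 20-byte TCP header for the samples below."""
    # sport, dport, seq, ack, data offset (5 words), flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    # ECE/CWR (0x40, 0x80) are masked off: ECN-capable clients set them on a normal SYN.
    return header[13] & 0x3F

def classify_opener(header: bytes) -> str:
    """Verdict for a segment that matches no tracked connection."""
    flags = tcp_flags(header)
    if flags == SYN:
        return "accept"              # clean first step of the 3-way handshake
    if flags == 0:
        return "drop:null"           # no flags at all is never a valid segment
    if (flags & SYN) and (flags & (FIN | RST)):
        return "drop:syn+fin/rst"    # open and close/reset in one segment
    if (flags & SYN) and (flags & (URG | PSH)):
        return "drop:syn+urg/psh"    # data-delivery flags on a connection opener
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG):
        return "drop:xmas"
    return "drop:no-state"           # e.g. bare ACK or SYN/ACK with no prior SYN

if __name__ == "__main__":
    samples = {"SYN": SYN, "SYN+ECN": SYN | 0xC0, "SYN+FIN": SYN | FIN,
               "SYN+URG+PSH": SYN | URG | PSH, "NULL": 0,
               "FIN+PSH+URG": FIN | PSH | URG, "ACK": ACK}
    for name, bits in samples.items():
        print(f"{name:12} -> {classify_opener(make_header(bits))}")
```
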
