Question 3 (a) A report on a piece of malware notes that it is able to attack vulnerable Windows machines and make them
Posted: Tue May 24, 2022 7:45 am
Question 3

(a) A report on a piece of malware notes that it is "able to attack vulnerable Windows machines and make them part of a botnet". Discuss two different approaches that this malware might use to recruit machines to the botnet. As part of your answer, indicate clearly the conditions necessary in each case for the recruitment to succeed, and give reasons why defensive measures such as firewalls or anti-virus software might be ineffective. [8 marks]

(b) A student researches botnets and writes up his findings as follows:

"A botnet could be used to conduct a distributed denial-of-service attack. A program running on each bot could listen on a particular port for an incoming command from its controller. This command could include the IP address of the victim, the mode of attack - ICMP echo request or SYN flood - and the time at which to mount the attack. A network intrusion detection system would be a pretty effective tool for detecting such commands."

Give three reasons why this might not be a sensible assessment of botnet attacks and defensive techniques. [3 marks]

(c) You are working on a large legacy client-server application, written in C. During a code review, you come across the following fragment of server code:

     1  void build_message(char* s1, int len1, char* s2, int len2)
     2  {
     3    char buf[128];
     4    if (len1 + len2 < 128) {
     5
     6      printf(s1);
     7      printf(s2);
     8      strncpy(buf, s1, len1);
     9      strncat(buf, s2, len2);
    10
    11    }
    12  }

(i) What security reason could there be for having the if statement in this code? Is it effective? Explain your reasoning. [4 marks]

(ii) Discuss two different potential security problems with the code in the body of the if statement (lines 6-9). Indicate the circumstances under which either problem might result in an exploitable vulnerability. [5 marks]

[Question 3 total: 20 marks]
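A hardened counterpart to the fragment in part (c), as an added example that is not part of the original question or post. The names build_message_safe, bounded_len and log_part, the caller-supplied out buffer and the return convention are assumptions introduced here.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 128

/* Length of s, reading at most max bytes (hypothetical helper). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened variant of build_message (added example, not the page's code).
 * out must point to at least BUF_SIZE bytes.
 * Returns the message length, or -1 if the input is rejected. */
int build_message_safe(char *out, const char *s1, int len1,
                       const char *s2, int len2)
{
    if (out == NULL || s1 == NULL || s2 == NULL)
        return -1;
    /* Signed lengths: a check such as len1 + len2 < 128 also passes for
     * len1 = -1, which becomes a huge size_t once handed to strncpy. */
    if (len1 < 0 || len2 < 0)
        return -1;
    /* Compare without adding, so the test itself cannot overflow.
     * Strictly below BUF_SIZE leaves one byte for the terminator. */
    if (len1 >= BUF_SIZE || len2 >= BUF_SIZE - len1)
        return -1;
    /* Never read past the real end of either string. */
    size_t n1 = bounded_len(s1, (size_t)len1);
    size_t n2 = bounded_len(s2, (size_t)len2);
    memcpy(out, s1, n1);
    memcpy(out + n1, s2, n2);
    out[n1 + n2] = '\0'; /* strncpy alone does not guarantee this */
    return (int)(n1 + n2);
}

/* Print untrusted text as data, never as the format string. */
void log_part(const char *s)
{
    printf("%s\n", s);
}
```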