(1) If we hadn't put that big "FAKE" notice over the logo, would you be able to detect the DNS spoofing attack on loading the bank's web page in your browser? Explain.
(2) The Diamond Banking website lets users input their username and password on a form on a web page that is loaded over HTTP. But when the user presses "Login", the form sends the username and password to a page that is loaded over HTTPS, i.e. the username and password are sent over an encrypted connection. Explain why this is not sufficient to protect the users' login information. What kind of attack are users left vulnerable to? How would using HTTPS for the entire site protect users against this kind of attack?
(3) Would DNSSEC protect against this kind of attack? Explain your answer.
Also answer the following question: In the passive sniffing attack, Mallory needs to capture the 4-way handshake in order to read user data on a WPA network. But in the MITM attack on WPA, Mallory did not capture the 4-way handshake, but was still able to read sensitive user data. How did Mallory bypass WPA confidentiality in this attack?
Show the plot of connections vs. time in your experiment for three scenarios: no mitigation, mitigation using firewall, and using the Apache web server.
In the plot of connections vs. time in the firewall scenario: how do we see the effect of the firewall?
With the firewall in place, the slowhttptest plot still shows that service is not available - does this mean that the attack was effective and legitimate users cannot connect to the web server?
Firewalls can be problematic when they interfere with legitimate application use. Sometimes, many hosts might share the same IP address (such as with NAT). How would the firewall strategy used in the lab to prevent the slowloris attack affect legitimate users in this scenario?