Finish assignment 4

1 files changed, 22 insertions, 0 deletions

diff --git a/netsec-assignment4-S4498062/exercise4/exercise4c b/netsec-assignment4-S4498062/exercise4/exercise4c
new file mode 100644
index 0000000..b620710
--- /dev/null
+++ b/netsec-assignment4-S4498062/exercise4/exercise4c
@@ -0,0 +1,22 @@
+Query
+    MUST be permitted unless explicitly overridden by local policy (REQ-1)
+    Session MUST be remembered for at least 60s (REQ-2)
+
+Error
+    MUST be traversed unless IP/ICMP checksum validation fails (REQ-3)
+    Packets SHOULD only be allowed to travel between realms when belonging to an
+        existing session (REQ-4, REQ-5)
+    NAT sessions MUST NOT not be refreshed.
+
+Non-QueryError
+    MAY be dropped or appropriately handled (REQ-11)
+
+DoS
+    The NAT device helps prevent DoS attacks with lots and lots of ICMP error
+    messages by blocking them if they are not linked to an existing session. If
+    the device would not do that, we could do something like DNS amplification.
+
+Destroying sessions
+    An attacker may attempt to send bogus error messages into the NAT network
+    in order to destroy the current sessions. To prevent this, the NAT device
+    won't delete or refresh a NAT session based on an error message.