Assignment 11, due Apr 27

Part of the homework for 22C:169, Spring 2007
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday), and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.

  1. Background: When you log into linux.cs.uiowa.edu, you recieve a message saying: "Please ssh from here to one of the lab machines as follows ..." In fact, linux.cs.uiowa.edu is an alias for a cluster of servers with names such as serv15 and serv16.divms.uiowa.edu. You can directly log into some of these machines instead of using the alias linux. A firewall can be configured so that the lab machines themselves, with names such as l-lnx100, cannot be directly used from outside Internet connections.

    a) Explain what this departmental firewall is doing. (1 point)

    b) Explain how, with this firewall present, you can use rlogin while running on one of the divms servers to access the lab machines. (1 point)

    c) Why block access to the lab machines from the public internet? In other words, what is the advantage of forcing all outside access to go through the server cluster? (1 point)

  2. Background: Suppose you are dealing with a system that has a no-man's land, and the only service you have in that no-man's land is a mail server. The mail server is nice and fast, though, allowing nearly instant response from your office machine to the outside world. One of the machines in the outside world is in your home, and you have high-speed internet service at home.

    For some obscure reason, you feel a very strong need to freely surf the web from your office, so you decide to tunnel through the firewall by writing an application to run on your home computer and on your office computer that communicate by E-mail.

    a) Propose a general scheme allowing you to run a remote desktop on your office machine. What would be the content of the E-mails sent and recieved by your office machine supporting this scheme? (1 point)

    b) What should the firewall manager look for in order to detect such a tunnel through the firewall and distinguish it from legitimate use? (1 point)