Welcome to the TCP/IP Drinking Game, a collection of obscure and bizarre questions on TCP/IP, networking protocols and tools, as well as old, forgotten internet lore. The concept was started by Val Henson, a Linux kernel developer, and its goal is to have fun while pushing the level of detail of networking knowledge to its limits. The fewer people who know the answer to a question, the better. You are welcome to send in your own contributions to the list, and they will hopefully be published here (with due credit, of course). Just send a mail to the address listed here. Now behold.
- Q: What is a fuzzball router?
- A: The first modern router on the Internet, used on the first 56KB/sec NSFnet (1980s).
- C: ithilgore
- Q: What is a pure ACK?
- A: An ACK packet that has no data.
- C: ithilgore
- Q: Which was possibly one of the earliest remote DoS attacks?
- A: +++ATH hangup (usually inside an ICMP echo request) from the Hayes command set used by the first modems.
- C: ithilgore
- Q: What is a Bogon packet?
- A: An IP packet having a source IP of a private address space but appearing on the public internet.
- C: ithilgore
- Q: Which L3 protocol is used along with multicasting?
- A: IGMP (Internet Group Message Protocol)
- C: ithilgore
- Q: What is the RFC for TCP Congestion Control?
- A: RFC 2581
- C: ithilgore
- Q: What does EOL mean in TCP context?
- A: End-of-options-list, which can also be used as padding.
- C: ithilgore
- Q: How many bytes will a TCP header be when the Timestamp option is included?
- A: 32 bytes (20 bytes minimum header + 10 bytes Timestamp + 2 bytes padding).
- C: ithilgore
- Q: Which is the only IP header field that cannot be manipulated with a raw socket on Linux?
- A: IP total length
- C: ithilgore
- Q: What is the main technique used by PortBunny?
- A: Sending 'trigger packets' of variable size to find the optimal delay value.
- C: ithilgore
- Q: Who is the creator of p0f?
- A: Michal Zalewski aka lcamtuf
- C: ithilgore
- Q: What is IPoAC?
- A: IP over Avian Carriers, RFC 1149, issued on April 1, 1990.
- C: ithilgore
- Q: Name one technique that Nmap doesn't use for OS fingerprinting.
- A: Passive OS fingerprinting, since it would be less accurate.
- C: ithilgore
- Q: Who were the inventors of SYN cookies?
- A: Phil Karn and D.J. Bernstein aka djb
- C: ithilgore
- Q: Which Linux kernel developer maintains the SKB diet page?
- A: Dave S. Miller
- C: ithilgore
- Q: Which Nmap option invokes the RPC grinder?
- A: -sR
- C: ithilgore
- Q: Who is the creator of hping2?
- A: Salvatore Sanfilippo aka antirez
- C: ithilgore
- Q: What kind of probes does Paketto Keiretsu's paratrace use?
- A: TCP Keepalive probes
- C: ithilgore
- Q: What is TCP piggybacking?
- A: Placing data inside an ACK packet.
- C: ithilgore
- Q: Which TCP Timer can potentially be reset infinitely?
- A: The TCP Persist Timer
- C: ithilgore
- Q: What is the slow start initial threshold (ssthresh) size?
- A: 65535 bytes
- C: ithilgore
- Q: What is the main problem of NewReno?
- A: It doesn't scale well.
- C: ithilgore
- Q: Which hosts are vulnerable to being leveraged in a zombie scan attack?
- A: Any network stack implementation that uses predictable IP IDs.
- C: ithilgore
- Q: What is the use of the TCP_DEFER_ACCEPT option?
- A: The kernel does not inform the listening socket of a new connection until the client has sent both the last ACK packet of the 3-way handshake and some initial data.
- C: ithilgore
- Q: Which are the basic timers that TCP uses?
- A: Connection Establishment, Retransmission, Delayed ACK, Persist, Keepalive, FIN_WAIT_2 and TIME_WAIT (2MSL)
- C: ithilgore
- Q: Name an attack that can lead to network congestion collapse.
- A: Fake duplicate ACKs
- C: ithilgore
- Q: What is the default congestion avoidance algorithm since Linux 2.6.19?
- A: CUBIC -> cat /proc/sys/net/ipv4/tcp_congestion_control: cubic
- C: ithilgore
- Q: What is the maximum RTO on Linux?
- A: 2 minutes -> include/net/tcp.h: #define TCP_RTO_MAX ((unsigned)(120*HZ))
- C: ithilgore