How do you know a web page was accessed

Reference no: EM133801599

Homework: Network Forensics

Goal:

The goal of this homework is to allow you to practice network forensics on a packet capture. This packet capture is not as straightforward as the one used in the CET4663/CIS4360 course; it is a more realistic, although truncated, packet capture with a fair amount of traffic. There are some fun(ny) things going on with the network, as evidenced in the packet capture. You will use Wireshark to analyze the packet capture. Hint: The use of filters in Wireshark will make your job easier.

If you've taken CIS4360 prior to this, and you should have, then you have seen some of these videos. If you feel you have a good grasp of TCP/IP, signature analysis, and using Wireshark, you could skip the videos; however, a refresher is always good to have.

An 'attacker' will typically perform several steps prior to conducting an attack, called the 'reconnaissance' phase:

• Enumeration: What computers are up and running?
• Footprinting: What services are provided by the computers that are up and running?
• Fingerprinting: What operating systems are the computers running?

The 'attack' phase* can occur in many forms:

• Unauthorized access (logging into a computer without authorization)
• Downloading information (unauthorized access to information)
• Uploading information or files (root kits, logic or time bombs, worms, viruses, etc.)
• Denial of service attacks
• etc.

*Not all of the attacks are represented in the packet capture.

Scenario:

Ms. Wilde, pleased with your performance on the malware case, has decided to give you another incident. The overworked, underpaid, and understaffed IT administrator of a small business has contacted Palindrome to analyze some network traffic around the time of an abnormal spike in traffic. Your mission, should you choose to accept it - and Ms. Wilde has decided that you do - is to analyze the provided packet capture and report on the activity found therein which may.

To aid in your goals, the administrator has provided a few details about the network from which the capture originated. There are four computers on the network. The IT administrator's admin box is an Ubuntu server. There are also DHCP and web servers, and the admin is the only individual within the company authorized to access those servers. There are two other employees: Bob Smith, a new hire and recent college graduate, who uses a workstation with network access running Windows XP, and Sarah, a developer who uses a workstation with a standard installation of Ubuntu, also with network access. Both Bob and Sarah are authorized to access their own workstation and no others.

Task:

A professional-quality report in two sections.

First, a management summary, written with no technical language which provides a summary of what was found. The summary should be roughly a paragraph in length. This will require some thinking on your part to digest all that you've seen and turn that into something a manager can read quickly, but also come away with, and comprehend, the relevant information you gathered.

The second part will be the technical section where you will answer the following questions. Include the question and the answer.

I. What is the network address and subnet mask?

II. For each computer:

i. What is the IP of the computer?
ii. What OS is it running?
iii. What is the MAC address?

III. What computer (refer by OS name and last octet of the IP address, e.g., Win7.128) is serving as a DHCP server? How do you know?

i. What other services is the DHCP server running? How do you know?

IV. What computer (refer by OS name and last octet of the IP address) is running a web server?

i. Which computer(s) accessed this web server?
ii. How do you know a web page was accessed? What was the file name of the web page accessed?
iii. What web browser was the user running?
iv. At what time did the access occur?
v. What web server application was running? (include version number)
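As an added example (not part of the assignment or its capture), a small pure-Python pcap reader that pulls out the evidence question IV asks for: the request line and User-Agent of a page fetch, the Server banner in the reply, and the endpoints and timestamp of each. The capture, addresses and banners are constructed for the example; it assumes an Ethernet-linktype libpcap file with microsecond timestamps and only looks at the first TCP segment of each HTTP message, which is the same view Wireshark's `http.request` and `http.response` filters give.

```python
import struct
from datetime import datetime, timezone

# Constructed sample traffic (not from the assignment's capture): one GET and its reply.
REQ = (b"GET /index.html HTTP/1.1\r\nHost: 192.168.1.10\r\n"
       b"User-Agent: Mozilla/5.0 (Windows NT 5.1)\r\n\r\n")
RESP = b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.14 (Ubuntu)\r\n\r\n<html></html>"

def build_frame(src_ip, dst_ip, sport, dport, payload):
    ip4 = lambda s: bytes(int(o) for o in s.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 8192, 0, 0)  # PSH|ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0,
                     ip4(src_ip), ip4(dst_ip))      # checksums left at 0: never verified here
    return bytes.fromhex("00c0ffee0001" "00c0ffee0002" "0800") + ip + tcp + payload

def build_pcap(frames, first_ts=1262307600):
    # libpcap global header: little-endian, microsecond stamps, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):   # one record header + frame per packet, 1 s apart
        out += struct.pack("<IIII", first_ts + i, 0, len(f), len(f)) + f
    return out

def http_evidence(pcap):
    """One dict per packet whose TCP payload begins with an HTTP request or status line."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    assert struct.unpack(end + "I", pcap[20:24])[0] == 1, "Ethernet captures only"
    off, found = 24, []
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 + TCP
            continue
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 20:   # snaplen cut the TCP header: nothing to read
            continue
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]
        line, _, rest = payload.partition(b"\r\n")
        words = line.split(b" ")
        if len(words) < 3 or not (words[0].startswith(b"HTTP/") or words[2].startswith(b"HTTP/")):
            continue   # not the first segment of an HTTP message (body data, handshake, etc.)
        hdrs = dict(h.split(b": ", 1) for h in rest.split(b"\r\n\r\n")[0].split(b"\r\n") if b": " in h)
        rec = {"time": datetime.fromtimestamp(ts_sec + ts_usec / 1e6, tz=timezone.utc),
               "src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34]))}
        if words[0].startswith(b"HTTP/"):   # status line: the server's reply and Server banner
            rec.update(kind="response", server=hdrs.get(b"Server", b"").decode())
        else:                                # request line: which page, from which browser
            rec.update(kind="request", path=words[1].decode(),
                       browser=hdrs.get(b"User-Agent", b"").decode())
        found.append(rec)
    return found
```

Feeding `build_pcap([build_frame(client, server, 40000, 80, REQ), build_frame(server, client, 80, 40000, RESP)])` into `http_evidence` yields the page name, browser string, server banner and UTC times that answer IV.ii through IV.v for the constructed traffic.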

V. What computer (refer by OS name and last octet of the IP address) is running the telnet service?

i. Which computer(s) accessed the telnet server?
ii. At what time(s)/date did this access occur?

VI. What usernames/passwords were used to access the telnet server?

i. What did the attacker do, if anything, from the telnet server? Explain why the attacker might have done this.

VII. What is a buffer overflow? What is an SQL Injection? Identify the packet series that contains what appears to be a buffer overflow followed by an SQL Injection. Describe how the attacker attempts to effect the buffer overflow. You may need additional material from the Web. Use your own words; do not copy and paste an answer.

VIII. What is a port scan?

i. How many port scans were run?
ii. What computer initiated the port scan(s)? What were the target computers?
iii. What type of port scan(s) did the attacker use (refer to the man page for nmap)?

IX. What did the 'attacker' do once on the FTP server?

i. How many commands were run on the ftp server?
ii. What username/password was used to access the FTP server?
iii. From what computer was the FTP server accessed?
iv. Date and time?
v. What file was downloaded from the ftp server?
vi. To which computer was this file downloaded?

X. What is the IP address of the attacker? In your opinion, how technically sophisticated is the attacker? Provide evidence to support your claims.



All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd