Assignment_2 - (30%)
Semester January 2014
Learning Outcome:
Tasks:
In a group of 3 people, analyze the Snort IDS logs provided in Appendix_1 and answer the
following questions.
APPENDIX_1
[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:12:37.462175 219.140.59.230:2383 -> 62.231.131.232:1434
UDP TTL:109 TOS:0x0 ID:30990 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]
END OF APPENDIX_1
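
An added example, not part of the original assignment: a small parser for the alert entries in Appendix_1 that groups alerts by the packet that triggered them, so that several signatures firing on one datagram are not counted as separate events. The function names are hypothetical, and the parser assumes the field layout seen in the appendix.

```python
import re
from collections import defaultdict

# The four Appendix_1 alerts; Len and Xref lines omitted for brevity.
# The first entry keeps the line wrap seen on the page.
SAMPLE = """\
[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:12:37.462175 219.140.59.230:2383 ->
62.231.131.232:1434
UDP TTL:109 TOS:0x0 ID:30990 IpLen:20 DgmLen:404
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
"""

ALERT = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\] "
    r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\] "
    r"(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) "
    r"(?P<proto>\w+) TTL:(?P<ttl>\d+) \S+ ID:(?P<ipid>\d+)")

def parse_alerts(text):
    """Parse alert entries; tolerates fields wrapped across lines."""
    flat = " ".join(text.split())  # undo line wrapping before matching
    return [m.groupdict() for m in ALERT.finditer(flat)]

def group_by_packet(alerts):
    """Map one packet (time, endpoints, IP ID) to the SIDs it triggered."""
    packets = defaultdict(list)
    for a in alerts:
        packets[(a["ts"], a["src"], a["dst"], a["ipid"])].append(int(a["sid"]))
    return dict(packets)

if __name__ == "__main__":
    for key, sids in group_by_packet(parse_alerts(SAMPLE)).items():
        print(key, "->", sids)
```

On the appendix data this yields two packets: one matching SID 2050 alone, and one (IP ID 198) matching SIDs 2003, 2004 and 2050 at the same timestamp.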