
IKB_41103 Advanced Network Security

Assignment_2 - (30%)
Semester January 2014

Learning Outcome:

Upon completion of this assignment, students should be able to:


1. Analyze and interpret Snort IDS Logs.
2. Perform network forensics investigation.

Tasks:

In groups of 3 persons, analyze the Snort IDS logs provided in Appendix_1 and answer the
following questions.

1. Describe the Snort IDS alert structure.
(5 marks)
2. Draw the topology of the network based on the alerts. The internal network subnet is
62.231.131.0/24.
(5 marks)
3. List the attacks against each internal host. For each attack, describe the potential
damage to the system.
(10 marks)
4. What are the target ports and the vulnerability or exploit involved in the traffic logged
by the IDS?
(5 marks)
5. Draw a graph of quantity (Y axis) versus attack type (X axis).
(5 marks)
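A small parser for the Snort "full"-mode alert format used in Appendix_1, added here as a worked example (it is not part of the assignment hand-out). It splits each alert into the fields Task 1 asks about (gid:sid:rev, message, classification/priority, timestamp, endpoints, protocol, cross-references), tolerates the portscan entries that have no Classification line and no ports, and tallies alerts per internal host and type for Tasks 3 and 5. The three sample alerts are abridged from Appendix_1 and re-joined onto single lines; the subnet prefix is the one given in Task 2.

```python
import re
from collections import Counter

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")  # gid:sid:rev msg
CLASS = re.compile(r"^\[Classification: (.+?)\] \[Priority: (\d+)\]$")
PACKET = re.compile(r"^(\S+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$")  # time src[:port] -> dst[:port]
XREF = re.compile(r"\[Xref => ([^\]]+)\]")

# Three alerts abridged from Appendix_1; the portsweep entry has no Classification line and no ports.
SAMPLE = """\
[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:12:37.462175 219.140.59.230:2383 -> 62.231.131.232:1434
UDP TTL:109 TOS:0x0 ID:30990 IpLen:20 DgmLen:404
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
[**] [122:3:0] (portscan) TCP Portsweep [**]
04/01-01:23:09.445266 156.110.204.235 -> 62.231.131.231
PROTO255 TTL:0 TOS:0x0 ID:28721 IpLen:20 DgmLen:166 DF
"""

def parse_alerts(text):
    """One dict per alert: gid/sid/rev, msg, priority, time, src/dst (+ports), proto, xrefs."""
    alerts = []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):   # every alert starts with a [**] ... [**] header line
            alerts.append({"gid": int(m[1]), "sid": int(m[2]), "rev": int(m[3]),
                           "msg": m[4], "priority": None, "xrefs": []})
        elif not alerts or not line:
            continue                   # page-break blanks, or text before the first header
        elif m := CLASS.match(line):
            alerts[-1]["classification"], alerts[-1]["priority"] = m[1], int(m[2])
        elif m := PACKET.match(line):
            a = alerts[-1]
            a["time"], a["src"], a["dst"] = m[1], m[2], m[4]
            a["sport"], a["dport"] = (int(p) if p else None for p in (m[3], m[5]))
        elif "TTL:" in line:
            alerts[-1]["proto"] = line.split()[0]   # UDP, TCP, or PROTO255 for portscan events
        else:
            alerts[-1]["xrefs"].extend(XREF.findall(line))   # "Len:" lines yield nothing
    return alerts

def attacks_per_host(alerts, subnet="62.231.131."):
    """Tasks 3/5: (internal host, attack type) -> count, ready to tabulate or plot."""
    return Counter((a["dst"], a["msg"]) for a in alerts if a.get("dst", "").startswith(subnet))
```

Feeding the whole appendix to `parse_alerts` gives the per-host table for Task 3 directly, and `Counter(a["msg"] for a in alerts)` gives the Y values for Task 5.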

APPENDIX_1
[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:12:37.462175 219.140.59.230:2383 -> 62.231.131.232:1434
UDP TTL:109 TOS:0x0 ID:30990 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:14:24.250520 62.190.108.185:2266 -> 62.231.131.229:1434
UDP TTL:121 TOS:0x0 ID:198 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:15:18.475304 218.89.140.85:1165 -> 62.231.131.227:1434
UDP TTL:109 TOS:0x0 ID:22362 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:15:18.475304 218.89.140.85:1165 -> 62.231.131.227:1434
UDP TTL:109 TOS:0x0 ID:22362 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:15:18.475304 218.89.140.85:1165 -> 62.231.131.227:1434
UDP TTL:109 TOS:0x0 ID:22362 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [122:3:0] (portscan) TCP Portsweep [**]
04/01-01:23:09.445266 156.110.204.235 -> 62.231.131.231
PROTO255 TTL:0 TOS:0x0 ID:28721 IpLen:20 DgmLen:166 DF

[**] [122:3:0] (portscan) TCP Portsweep [**]
04/01-01:31:06.668563 68.22.106.93 -> 62.231.131.234
PROTO255 TTL:0 TOS:0x0 ID:15174 IpLen:20 DgmLen:162

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:34:46.649045 222.216.27.55:1940 -> 62.231.131.237:1434
UDP TTL:109 TOS:0x0 ID:42043 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:34:46.649045 222.216.27.55:1940 -> 62.231.131.237:1434
UDP TTL:109 TOS:0x0 ID:42043 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:34:46.649045 222.216.27.55:1940 -> 62.231.131.237:1434
UDP TTL:109 TOS:0x0 ID:42043 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:37:22.184118 219.146.96.77:1939 -> 62.231.131.234:1434
UDP TTL:108 TOS:0x0 ID:46492 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
04/01-01:37:22.184118 219.146.96.77:1939 -> 62.231.131.234:1434
UDP TTL:108 TOS:0x0 ID:46492 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
04/01-01:37:22.184118 219.146.96.77:1939 -> 62.231.131.234:1434
UDP TTL:108 TOS:0x0 ID:46492 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

END OF APPENDIX_1
