The Community College of Baltimore County
Description
Module 6 Assignment
Attached Files:
error.log.part (2.058 KB)
Module6.pcap (104.412 MB)
access.log.part (3.144 KB)
Using the pcap data and log files provided with this assignment (107 MB), apply what has been learned throughout the course: tools such as Wireshark with its display filters and Snort with its rules/signatures, online resources such as centralops.net, and Internet research. Analyze the packet data and write a detailed report of what transpired. Your report should state who attacked, what was attacked, what actions (tools, tactics, and procedures) the attacker took to attempt their malicious activity, and whether they were successful. Include the proof for each of your findings, and also a potential mitigation that Acme, Inc's IT Security team can implement to prevent future attacks like those you detected, for example a rule that can be used with Snort. Note: there may be more than one incident of malicious activity. While you have been provided with some web server logs, your report should also list what other sources of data you would want from the Acme, Inc system/network administrators to further your investigation.
Scenario: Acme, Inc system administrators detected an attack against a company web server that resulted in a web site defacement; there was also some unusual server and network activity. Acme, Inc's internal network uses 192.168.200.0/24. The web server is at 192.168.200.144 and listens on port 80. 192.168.200.2 is the IP of Acme's gateway to the Internet.
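The assignment supplies an access.log.part but its contents are not shown on this page. As an added example (not part of the assignment, the attached files, or the posted answer), the following script shows a starting point for the log-analysis side of the report: it parses Apache combined-format access log lines, tallies requests and 4xx responses per client, and flags clients outside Acme's 192.168.200.0/24 network that hit an error threshold. The log format is assumed, and the log lines embedded below are constructed sample data, not taken from the real attachment.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample lines in Apache combined log format. These are NOT from
# the assignment's access.log.part; client IPs, paths and times are made up.
SAMPLE_ACCESS_LOG = """\
192.168.200.10 - - [12/Mar/2014:09:01:02 -0500] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2014:09:02:11 -0500] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2014:09:02:12 -0500] "GET /admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2014:09:02:13 -0500] "GET /backup/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2014:09:02:14 -0500] "GET /cgi-bin/ HTTP/1.1" 403 298 "-" "Mozilla/5.0"
192.168.200.22 - - [12/Mar/2014:09:05:40 -0500] "GET /about.html HTTP/1.1" 200 870 "-" "Mozilla/5.0"
"""

# Apache combined format (assumed): client ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Acme's internal network from the scenario description.
INTERNAL_NET = ipaddress.ip_network("192.168.200.0/24")


def parse_line(line):
    """Parse one access log line into a dict, or return None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def summarize(log_text, internal_net=INTERNAL_NET, error_threshold=2):
    """Build a per-client summary and a list of flagged external clients.

    A client is flagged when it is outside internal_net and produced at least
    error_threshold 4xx responses (a common sign of probing for pages that do
    not exist or are forbidden). Returns (summary, flagged).
    """
    per_ip = defaultdict(lambda: {"requests": 0, "errors": 0, "error_paths": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the expected format
        entry = per_ip[rec["ip"]]
        entry["requests"] += 1
        if 400 <= rec["status"] < 500:
            entry["errors"] += 1
            entry["error_paths"].append(rec["path"])

    summary = {}
    for ip, entry in per_ip.items():
        external = ipaddress.ip_address(ip) not in internal_net
        summary[ip] = {**entry, "external": external}

    flagged = sorted(ip for ip, e in summary.items()
                     if e["external"] and e["errors"] >= error_threshold)
    return summary, flagged


if __name__ == "__main__":
    summary, flagged = summarize(SAMPLE_ACCESS_LOG)
    for ip, e in summary.items():
        where = "external" if e["external"] else "internal"
        print(f"{ip:16} {where:8} requests={e['requests']} 4xx={e['errors']}")
    print("flagged:", flagged)
```

The flagged list is only a lead: each flagged client should be cross-checked against the pcap in Wireshark (for example with a display filter on that client's address and tcp.port == 80) and against error.log.part before it goes into the report as a finding.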
Explanation & Answer

Completed work.
One’s understanding of network protocols can often be greatly deepened by “seeing protocols in action” and by “playing around with protocols” – observing the sequence of messages exchanged between two protocol entities, delving down into the details of protocol operation, and causing protocols to perform certain actions and then observing these actions and their consequences. This can be done in simulated scenarios or in a “real” network environment such as the Internet. The Java applets that accompany the textbook take the first approach. In the Wireshark labs, we’ll take the latter approach. You’ll be running various network applications in different scenarios using a computer on your desk, at home, or in a lab. You’ll observe the network protocols in your computer “in action,” interacting and exchanging messages with protocol entities executing elsewhere in the Internet. Thus, you and your computer will be an integral part of “live” labs in this class. You’ll observe, and you’ll learn, by doing.

The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages being sent/received from/by your computer; it will also typically store and/or display th...
