Completed

Network Packet Analysis (simple)

This project was successfully completed by rozeny2k for $100 USD in 3 days.

Project budget
$10 - $30 USD
Completed in
3 days
Total bids
6
Project description

Here are the details regarding the network:

Employee | Title | IP address
Server | Server | [url removed, login to view]
Phil Farnsworth | Owner | [url removed, login to view]
James Garrett | Network Admin | [url removed, login to view]
Allen Beard | Payroll Admin | [url removed, login to view]

If you don't know whether it's suspicious -- sometimes it's difficult to tell -- say so, and describe why you can't tell whether it's suspicious or not. There are examples of EACH of the aforementioned categories of behavior included in the packet capture.

NOTE: I want a DETAILED INTERPRETATION of what is happening. Don't simply DESCRIBE what is going on, I want an expert interpretation. Here’s an example:

POOR DESCRIPTION: IP [url removed, login to view] is accessing port 21 over TCP on IP xx.xx.xx.xx.

My feedback to you: That is useless information.

GOOD DESCRIPTION: IP [url removed, login to view] is attempting to connect to port 21 on IP xxx.xxx.xxx.xxx. Port 21 is ftp, which sends credentials in the clear. The series of packet captures shows that the intruder was attempting to guess passwords for user "sumowrestler". The intruder was eventually successful after the 5th try. The passwords guessed were "password", "sumo", "wrestler", "beatles" and "sumo1", the latter of which allowed the intruder to gain access to the computer.

Questions

1. What is occurring in packets 3-4? Is it evidence of an intrusion? Provide an interpretation of what is occurring, and the possible uses of the information gained. If there’s nothing suspicious, tell me so, and explain why it’s normal traffic.

2. Is the activity occurring in packets 17-20, 24-25, 28-33, 36-41 evidence of an intrusion? Provide a detailed interpretation of what is occurring, and the possible uses of the information gained. How many computers are involved? Who owns them?

3. Is the activity starting in packet 80-116 evidence of an intrusion? Provide a detailed interpretation of what is occurring, and the possible consequences. How many ports are involved, and what are their associated services? What information would be gained, and how would it be used by an attacker?

4. Are packets 508-595 abnormal? (Note: this is a TCP stream so you can select the first packet, right click your mouse, select "Follow TCP Stream", and Wireshark will extract those packets and form a single readable stream.) Provide a detailed description AND interpretation of what is occurring, and the possible consequences. THERE IS A LOT GOING ON. TELL ME WHAT HAPPENED!

5. Is the activity starting in packet 618 evidence of an intrusion? (Note: this is a TCP stream so you can select the packet, right click your mouse, select "Follow TCP Stream", and Wireshark will extract those
