

Course is networking

Page 2

was alerted by the host firewall by a generic alert which might suggest an abnormally high
packet rate.

A packet capture at the network interface of the Development machine was saved in the file:
A-01-packet_capture_Dev.pcap

Another packet trace from the DMZ monitor was also secured, and was saved in the file:
A-02-packet_capture_DMZ.pcap

Both files can be downloaded from the VLE.

Questions

You have been asked to carry out a technical investigation (parts i and ii below) and provide a
short management summary, accessible to a non-expert, which describes the nature of the
attack and how it was carried out (in part iii below). You need to first develop a set of key
questions (in part i) to guide the further analysis of the attack (in part ii).

You are required to:

(i) Analyse the content of the file A-01-packet_capture_Dev.pcap for any evidence relating
to the incident, and develop a set of key questions to guide the subsequent examination.

(ii) Analyse the content of the file A-02-packet_capture_DMZ.pcap and use your results to
supplement the results from (i), and resolve the questions developed during the analysis
of part (i).

(iii) Provide a short management summary which is accessible to a non-expert which
describes the nature of the attack and how it was carried out. You should ensure that your
summary is supported by citing evidence identified in (i) and (ii).

Page Limit

You can use up to 5 sides of A4 in total for this question, of which your answer to part (iii) must
be no more than 2 sides of A4. These limits do include any visual aids, e.g. tables, figures.

Specific Guidance

Your analysis in parts (i) and (ii) is intended for experts. Your answers in these two parts may
be in the form of expanded notes, provided your documentation is sufficiently detailed for another
Page 3
Question 1: Network Analysis (44 Marks)
Background
The system shown in Figure 1 belongs to a company known as DevCo. It provides a public
Internet-facing website hosted in the machine 'Web Server'. The website content is developed
and managed on the 'Website Development & Management Machine'. The purpose of the
website is to advertise a small software development business, which is carried out in-house on
the software 'Development' machine. The other computers in this system (W7 and the wireless
notebooks) are used for office functions. The file server and printer provide shared services
across the system, and the wireless network is WEP encrypted.
[Figure 1: Diagram of the system in Question 1. Nodes shown: Internet; Router; Switch; WiFi Access Point; DMZ Monitoring Node; File Server; Printer; W7; Web Server; Development; Website Development & Management Machine; Two Registered Wireless Notebooks. Vendor labels shown: Shuttle, Netgear, Seiko Epson, Cisco-Linksys, Linksys, Arcadyan, Microstar. IP addresses labelled in the figure: 192.168.0.1, 192.168.0.5, 192.168.0.6, 192.168.0.27, 192.168.0.28, 192.168.0.29, 192.168.0.30, 192.168.0.34, 192.168.0.241, 192.168.0.244, 192.168.0.245. MAC addresses labelled in the figure: 00:30:1B:B0:84:C4, 00:0F:B5:B2:AB:D4 (Netgear), 00:26:AB:69:21:1E, 00:14:BF:60:15:06 (Cisco-Linksys), 00:06:25:49:C2:A2, 00:30:1B:B0:95:03, 00:30:1B:B6:23:48, 80:EE:73:06:01:86, 7C:4F:B5:B6:AC:F9, 00:1D:92:C6:24:AA, 00:30:1B:B0:90:5A (Shuttle). The node-to-address pairings are not recoverable from the figure text; the question text confirms only that the Development machine is 192.168.0.27.]
The switch which hosts the Web Server and the associated management machine is provided
with a spanning port which outputs all switch traffic to a dedicated packet monitor.
Maintaining the integrity and confidentiality of business data within the Development machine is
critical to the business. Temporary non-availability of the webserver is not regarded as a
problem, but corruption of the website may harm the reputation of the company whose business
is software-related.
At approximately 15:45 on 20 November, the user of the Development machine (192.168.0.27)
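The first pass over the captures that parts (i) and (ii) ask for, as an added worked example (this is not part of the assignment and does not use DevCo's data): a stdlib-only Python triage script that reads a classic pcap, reports the per-source packet-rate bursts that a host firewall's "abnormally high packet rate" alert would correspond to, and checks the source MAC seen behind each known IP against an inventory transcribed from Figure 1, so that an address claimed from an unexpected MAC stands out. The inventory MAC pairings, the 100 packets-per-second threshold, the host 192.168.0.200 and the de:ad:be:ef MACs are assumptions constructed for the demonstration; the capture it runs on is generated in-code rather than read from A-01-packet_capture_Dev.pcap.

```python
"""Added triage helper: packet-rate bursts and MAC/IP inventory mismatches in a pcap."""
import struct
from collections import Counter, defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic pcap written by a little-endian host
PCAP_MAGIC_BE = 0xD4C3B2A1      # the same magic seen when the file is big-endian
ETHERTYPE_IPV4 = 0x0800

# Assumed inventory for the example (IP -> expected source MAC). Only the Development
# machine's IP is confirmed by the question text; the MAC pairings are assumptions.
INVENTORY = {
    "192.168.0.27": "00:30:1b:b6:23:48",   # Development (pairing assumed)
    "192.168.0.1": "00:0f:b5:b2:ab:d4",    # Router (pairing assumed)
}


def parse_pcap(data):
    """Return [(timestamp, frame_bytes), ...] from classic (non-pcapng) pcap bytes."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    records, offset = [], 24                      # 24-byte global header
    while offset + 16 <= len(data):               # 16-byte per-record header
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        records.append((sec + usec / 1e6, data[offset:offset + incl_len]))
        offset += incl_len
    return records


def parse_frame(frame):
    """Ethernet II + IPv4 header fields; None for non-IPv4 or truncated frames."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    return {
        "src_mac": frame[6:12].hex(":"),
        "src_ip": ".".join(str(b) for b in frame[26:30]),
        "dst_ip": ".".join(str(b) for b in frame[30:34]),
        "proto": frame[23],
    }


def rate_bursts(records, threshold_pps):
    """(src_ip, second, count) for each source exceeding threshold_pps within one second."""
    per_second = Counter()
    for ts, frame in records:
        info = parse_frame(frame)
        if info:
            per_second[(info["src_ip"], int(ts))] += 1
    return sorted((ip, sec, n) for (ip, sec), n in per_second.items() if n > threshold_pps)


def inventory_mismatches(records, inventory):
    """Inventory IPs that appeared with a source MAC other than the expected one."""
    seen = defaultdict(set)
    for _, frame in records:
        info = parse_frame(frame)
        if info:
            seen[info["src_ip"]].add(info["src_mac"])
    return {ip: sorted(macs) for ip, macs in seen.items()
            if ip in inventory and macs != {inventory[ip]}}


# ---- constructed sample capture (not real DevCo traffic) ----------------------------

def _ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def _frame(src_mac, dst_mac, src_ip, dst_ip, proto=6):
    """Minimal Ethernet II + IPv4 header, no payload; checksum left zero (unused here)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       _ip_bytes(src_ip), _ip_bytes(dst_ip))
    return eth + ipv4


def _pcap(records):
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)]  # linktype 1 = Ethernet
    for ts, frame in records:
        sec = int(ts)
        out.append(struct.pack("<IIII", sec, round((ts - sec) * 1e6), len(frame), len(frame)) + frame)
    return b"".join(out)


def sample_capture():
    """Constructed: 5 normal frames from Development, a 300 pps burst from the hypothetical
    host 192.168.0.200, and one frame claiming the router's IP from an unknown MAC."""
    dev, router = "00:30:1b:b6:23:48", "00:0f:b5:b2:ab:d4"
    spoofer, flooder = "de:ad:be:ef:00:01", "de:ad:be:ef:00:02"        # constructed MACs
    recs = [(1000.0 + i * 0.1, _frame(dev, router, "192.168.0.27", "192.168.0.5")) for i in range(5)]
    recs += [(1001.0 + i * 0.001, _frame(flooder, dev, "192.168.0.200", "192.168.0.27", proto=17))
             for i in range(300)]
    recs.append((1002.5, _frame(spoofer, dev, "192.168.0.1", "192.168.0.27")))
    return _pcap(recs)


def triage(pcap_bytes, inventory=INVENTORY, threshold_pps=100):
    """One-shot summary an analyst would use to seed the key questions for part (i)."""
    records = parse_pcap(pcap_bytes)
    infos = [parse_frame(f) for _, f in records]
    return {
        "frames": len(records),
        "top_talkers": Counter(i["src_ip"] for i in infos if i).most_common(3),
        "bursts": rate_bursts(records, threshold_pps),
        "inventory_mismatches": inventory_mismatches(records, inventory),
    }


if __name__ == "__main__":
    for key, value in triage(sample_capture()).items():
        print(f"{key}: {value}")
```

Against the real files, pass open("A-01-packet_capture_Dev.pcap", "rb").read() to triage() instead of sample_capture(); the parser handles classic pcap in either byte order but not pcapng, so convert with editcap -F pcap first if Wireshark saved the trace in the newer format. The burst list gives the part (i) questions a concrete anchor (which source, which second, how many frames), and running the same script over the DMZ trace shows whether the spanning port saw the same source at the same time, which is the reconciliation part (ii) asks for.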