

ID: 3819123 • Letter: A

Question

Analyze the Logs_v3.txt and answer the following questions:

What protocol is being used? Is it TCP or UDP?

Could this log be the result of a simple nmap scan being run against the honeynet? Explain.

List the tool:

Name the scanning tools that may have been used by the attacker.

What was the tool suite author's intended use of this tool suite? Who was it designed to be used by?

One of these tools was only used against a small subset of extensions. Which were these extensions and why were only they targeted with this tool?

List the extensions:

How many extensions were scanned? Are they all numbered extensions, or named as well? List them.

Categorize these extensions into the following groups, and explain the method you used:

Those that exist on the honeypot, and require authentication.

Those that exist on the honeypot, and do not require authentication.

Those that do not exist on the honeypot.

Was a real SIP client used at any point? If it was, what time was it used, and why?

List the following, including geo-location information:

Source IP addresses involved.

The real-world phone numbers that were attempted to be dialed.

Draw a simple static or animated timeline of events, describing when and where certain phases occurred from, and what the purpose of each phase was.

Assuming this were a real incident, write 2 paragraphs of an executive summary of this incident. Assume the reader does not have IT security or VoIP experience.

First Paragraph: Write, in the minimum detail necessary, a description of the nature, timings, and possible motives of the attack phases.

Second Paragraph: What actions would you recommend should occur following this particular incident, including any priority/urgency? Also describe any good practices that should be employed to mitigate future attacks.

Source: 210.184.X.Y:1083 Datetime 2010-05-02 01:43:05.606584 Message OPTIONS sip:1000@honey.pot.IP.removed SIP/2.0 Via: SIP/2.0/UDP 127.0.0.1:5061;branch=z9hG4bK-2159139916;rport Content-Length: 0 From: "sipvicious"

Explanation / Answer

1) The protocol being used is UDP.

2) Friendly_scanner is used for scanning the SIP server. It scans IPs or ranges of IPs for SIP servers such as softswitches or PBXs, which communicate via port 5060. If it finds the port open, it attempts to brute force its way into your SIP server by testing sequential SIP account numbers with common usernames/passwords.

3) 210.184.X.Y.1083, 210.10.184:4956, 210.10.184:5114 are the source IP addresses.

4) Phone numbers used:

3428948518
1729240413
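An added example, not part of the question or the tutor's answer above: a small Python parser over constructed records shaped like the page's excerpt. It reads the transport from the Via header (the UDP answer to question 1), pulls out the extension each request touches, flags the friendly-scanner/SIPVicious traits visible in the excerpt (loopback Via, all-digit branch, the "sipvicious" From name), and tallies requests per source IP, which is the groundwork for the source-address and real-client questions. The record layout, the `req` helper, and all addresses, tags and the softphone name are assumptions.

```python
import re
from collections import defaultdict
def req(request_line, via, from_hdr, user_agent):  # build a minimal SIP request (constructed test data)
    return (f"{request_line}\r\nVia: {via}\r\nFrom: {from_hdr}\r\n"
            f"User-Agent: {user_agent}\r\nContent-Length: 0\r\n\r\n")
# Constructed records shaped like the page's excerpt: (source, datetime, SIP request). The honeypot
# host stays redacted as on the page; source addresses, tags and the softphone name are placeholders.
SAMPLE = [
    ("210.184.X.Y:1083", "2010-05-02 01:43:05.606584",
     req("OPTIONS sip:1000@honey.pot.IP.removed SIP/2.0", "SIP/2.0/UDP 127.0.0.1:5061;branch=z9hG4bK-2159139916;rport",
         '"sipvicious"<sip:100@1.1.1.1>;tag=3130', "friendly-scanner")),
    ("210.184.X.Y:1083", "2010-05-02 01:43:06.002117",
     req("REGISTER sip:honey.pot.IP.removed SIP/2.0", "SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK-0000000001;rport",
         '"1001"<sip:1001@honey.pot.IP.removed>;tag=3131', "friendly-scanner")),
    ("203.0.113.7:5060", "2010-05-02 09:12:44.100000",
     req("INVITE sip:9005551234@honey.pot.IP.removed SIP/2.0", "SIP/2.0/UDP 203.0.113.7:5060;branch=z9hG4bK-d8754z-7f1a;rport",
         '"1001"<sip:1001@honey.pot.IP.removed>;tag=9c2', "ExampleSoftphone/1.0")),
]
REQ_LINE = re.compile(r"^([A-Z]+) sip:(?:([^@\s]+)@)?\S+ SIP/2\.0$")
def parse_sip(msg):
    """Return method, probed extension, transport (from the top Via) and headers of a SIP request."""
    lines = msg.split("\r\n")
    method, user = REQ_LINE.match(lines[0]).groups()
    headers = {k.strip().lower(): v.strip() for k, v in (ln.split(":", 1) for ln in lines[1:] if ":" in ln)}
    via = headers.get("via", "")
    transport = via.split("/")[2].split()[0].upper() if via.count("/") >= 2 else None
    # REGISTER carries no user in its request URI; the probed extension is then in From
    user = user or next(iter(re.findall(r"sip:([^@>]+)@", headers.get("from", ""))), None)
    return {"method": method, "user": user, "transport": transport, "headers": headers}

def scanner_indicators(parsed):
    """Traits typical of SIPVicious/friendly-scanner probes (heuristics, not proof)."""
    h = parsed["headers"]
    checks = [("via-loopback", " 127.0.0.1:" in h.get("via", "")),
              ("numeric-branch", re.search(r"branch=z9hG4bK-\d+(;|$)", h.get("via", ""))),
              ("from-sipvicious", "sipvicious" in h.get("from", "").lower()),
              ("ua-friendly-scanner", "friendly-scanner" in h.get("user-agent", "").lower())]
    return [name for name, hit in checks if hit]

def summarize(records):
    """Per source IP: first seen, methods, transports, extensions touched and flagged request count."""
    out = defaultdict(lambda: {"first": None, "methods": set(), "transports": set(), "users": set(), "flagged": 0})
    for src, ts, msg in records:
        p, s = parse_sip(msg), out[src.rsplit(":", 1)[0]]
        s["first"] = s["first"] or ts; s["methods"].add(p["method"]); s["transports"].add(p["transport"])
        if p["user"]: s["users"].add(p["user"])
        s["flagged"] += bool(scanner_indicators(p))
    return dict(out)
```

A source whose requests all carry scanner traits is the automated sweep; a source with none (the third record) is the candidate for the "real SIP client" question and is worth looking at by hand.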
