Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Incident Reso Hank Law, web Company locat suspicious act response Report on June 30, 2004. 16. Attack! w webmaster at the MacVee Sot software located

image text in transcribed
Incident Reso Hank Law, web Company locat suspicious act response Report on June 30, 2004. 16. Attack! w webmaster at the MacVee Sot software located in Hyattsville, Maryland deter on its web server. After checking Her had been placed on Windows sumed it was being used to record and user names. The server is run on a ries Gateway box (2.4 GHz, 1024 MB Ram with a Xeon Processor) and a WinNT4 system. A Black Ice security System is ad updated all software with the most atches and last performed maintenance May 1, 2004. TCPDUMP, a sniffer, was passwords and 960 series 1600 SDRam w operating syste recent patches a the system May running on the ne a in checki tad Mowers detected a sniffer had Server CT Server. He assumed i online pany's a denis Cembe derso the lo Hank had updated all software Geon the Dect on the network connected to the server tack checking the sniffer's logs, he found that not some log entries had been altered. He switched to early logs, and found the following log en- ber try 05:25:10.695000 OA:E5:4D-F3.00-E10 OE:63:00:F8:00:00 250.14.130.1.5112135135 75.6.80: 1386754311:13867543110) win855 The unusual aspect of the log entry was the source port 5112. This port is not a commonly used one, and the attacker may have been try- ing to hide his presence on the compromised computer that he was using to attack MacVee's website. Currently, Hank has not shut the web server down, but he has hardened the access to other parts of the network from the web server, and he added a new sniffer program to the web box called the Effe Tech sniffer v.3.4. Hank is hoping the hacker will come back and Hank will get more identity information about b. the hacker Based on the information provided, complete Part II of the Preliminary Incident Response Re- port in Figure 14.9 in the chapter. Identify the probable IP address the attacker used to enter MacVee's system. What are the advantages and disadvantages of not shutting down the server? Would law enforcement authorities be inter- ested in further pursing this crime through the courts? C. Incident Reso Hank Law, web Company locat suspicious act response Report on June 30, 2004. 16. Attack! w webmaster at the MacVee Sot software located in Hyattsville, Maryland deter on its web server. After checking Her had been placed on Windows sumed it was being used to record and user names. The server is run on a ries Gateway box (2.4 GHz, 1024 MB Ram with a Xeon Processor) and a WinNT4 system. A Black Ice security System is ad updated all software with the most atches and last performed maintenance May 1, 2004. TCPDUMP, a sniffer, was passwords and 960 series 1600 SDRam w operating syste recent patches a the system May running on the ne a in checki tad Mowers detected a sniffer had Server CT Server. He assumed i online pany's a denis Cembe derso the lo Hank had updated all software Geon the Dect on the network connected to the server tack checking the sniffer's logs, he found that not some log entries had been altered. He switched to early logs, and found the following log en- ber try 05:25:10.695000 OA:E5:4D-F3.00-E10 OE:63:00:F8:00:00 250.14.130.1.5112135135 75.6.80: 1386754311:13867543110) win855 The unusual aspect of the log entry was the source port 5112. This port is not a commonly used one, and the attacker may have been try- ing to hide his presence on the compromised computer that he was using to attack MacVee's website. Currently, Hank has not shut the web server down, but he has hardened the access to other parts of the network from the web server, and he added a new sniffer program to the web box called the Effe Tech sniffer v.3.4. Hank is hoping the hacker will come back and Hank will get more identity information about b. the hacker Based on the information provided, complete Part II of the Preliminary Incident Response Re- port in Figure 14.9 in the chapter. Identify the probable IP address the attacker used to enter MacVee's system. What are the advantages and disadvantages of not shutting down the server? Would law enforcement authorities be inter- ested in further pursing this crime through the courts? C

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Microsoft Visual Basic 2017 For Windows Web And Database Applications

Authors: Corinne Hoisington

1st Edition

1337102113, 978-1337102117

More Books

Students also viewed these Databases questions

Question

Discuss the history of human resource management (HRM).

Answered: 1 week ago