... Incident Response Report on June 30, 2004.

16. Attack! Hank Law, webmaster at the MacVee Software Company located in Hyattsville, Maryland, detected suspicious activity on its web server. After checking, he determined that a sniffer had been placed on the Windows server. He assumed it was being used to record passwords and user names. The server runs on a 960 series Gateway box (2.4 GHz, 1024 MB 1600 SDRam, with a Xeon processor) and a WinNT4 operating system. A Black Ice security system is in place. Hank had updated all software with the most recent patches and last performed maintenance on the system May 1, 2004. TCPDUMP, a sniffer, was running on the network connected to the server. In checking the sniffer's logs, he found that some log entries had been altered. He switched to earlier logs and found the following log entry:

    05:25:10.695000 OA:E5:4D-F3.00-E10 OE:63:00:F8:00:00 250.14.130.1.5112 > 135.135.75.6.80: 1386754311:1386754311(0) win855

The unusual aspect of the log entry was the source port, 5112. This port is not a commonly used one, and the attacker may have been trying to hide his presence on the compromised computer that he was using to attack MacVee's website. Currently, Hank has not shut the web server down, but he has hardened access to other parts of the network from the web server, and he has added a new sniffer program to the web box, the Effe Tech sniffer v.3.4. Hank is hoping the hacker will come back so that Hank can get more identity information about the hacker.

Based on the information provided:
a. Complete Part II of the Preliminary Incident Response Report in Figure 14.9 in the chapter.
b. Identify the probable IP address the attacker used to enter MacVee's system.
c. What are the advantages and disadvantages of not shutting down the server?
d. Would law enforcement authorities be interested in further pursuing this crime through the courts?
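A small checker for the kind of log review described in the exercise, added here as an example and not part of the textbook: it parses tcpdump summary lines like the one Hank found, keeps only flows aimed at the web server's port, and reports source addresses that used a source port outside the range a client would normally pick. The sample log lines, the 1024-5000 dynamic port range and every address other than the exercise's own log entry are constructed assumptions.

```python
import re
from collections import defaultdict

# tcpdump one-line summary, as in the exercise's log entry:
#   HH:MM:SS.frac [link-layer addrs] src.ip.port > dst.ip.port: seq:seq(len) win N
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:\S+\s+\S+\s+)?"                                   # optional MAC pair
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+)\s*>\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):"
)

def parse_line(line):
    """Return the addresses and ports in one tcpdump line, or None if it isn't one."""
    m = TCPDUMP_RE.match(line.strip())
    if m is None:
        return None
    return {"ts": m["ts"], "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"])}

def unusual_source_port(port, dynamic=(1024, 5000)):
    """Flag a client port outside the range the host would normally pick.
    Assumption: the classic NT-era default of 1024-5000; adjust for other stacks."""
    low, high = dynamic
    return not low <= port <= high

def flag_sources(lines, server_port=80):
    """Map each source IP that reached the web server to its unusual source ports."""
    flagged = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["dport"] == server_port and unusual_source_port(rec["sport"]):
            flagged[rec["src"]].add(rec["sport"])
    return {ip: sorted(ports) for ip, ports in flagged.items()}

# Constructed sample log: one ordinary client, the exercise's own entry, the
# server's reply, and an altered line that no longer parses.
SAMPLE_LOG = [
    "05:24:58.100000 192.168.1.20.1034 > 135.135.75.6.80: 1000:1000(0) win 8192",
    "05:25:10.695000 OA:E5:4D-F3.00-E10 OE:63:00:F8:00:00 250.14.130.1.5112 > "
    "135.135.75.6.80: 1386754311:1386754311(0) win855",
    "05:25:11.002000 135.135.75.6.80 > 250.14.130.1.5112: 77:77(0) ack 1386754312 win 8760",
    "this line was altered and no longer parses",
]

if __name__ == "__main__":
    for ip, ports in flag_sources(SAMPLE_LOG).items():
        print(f"{ip} used unusual source port(s) {ports} against port 80")
```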