Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Miller Harrison was still working his way through his attack protocol. Nmap started out as it usually did, by giving the program identification and version

Miller Harrison was still working his way through his attack protocol.

Nmap started out as it usually did, by giving the program identification and version number. Then it started reporting back on the first host in the SLS network. It reported all of the open ports on this server. The program moved on to a second host and began reporting back the open ports on that system, too. Once it reached the third host, however, it suddenly stopped.

Miller restarted Nmap, using the last host IP as the starting point for the next scan. No response. He opened another command window and tried to ping the first host he had just port-scanned. No luck. He tried to ping the SLS firewall. Nothing. He happened to know the IP address for the SLS edge router. He pinged that and got the same result. He had been blackholed, meaning his IP address had been put on a list of addresses from which the SLS edge router would no longer accept packets. Ironically, the list was his own doing. The IDPS he had been helping SLS configure seemed to be working just fine at the moment. His attempt to hack the SLS network was shut down cold.

***NOTE*** Please answer this specific question only. Thank you.

Discussion Question:

Consider Millers hacking attempt in light of the intrusion kill chain described earlier and shown in figure below. At which phase in the kill chain has SLS countered his vendetta?image text in transcribed

Intrusion Kill Chain Actions on Objectives Command and Reconnaissance Weaponization Exploitation Installation Control (C2) Research, identification Only now, after progressing through the first six phases, carn intruders take actions to achieve their original objectives Typically this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment Coupling a remote and selection of access trojan with an exploit into a After the weapon is delivered to victim host, targets, often deliverable Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment. crawling Internetpayload, typically by means of an Transmission of the weapon to the targeted environment using vectors like email attachments, Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel websites such as conference automated tool triggers intruders code. Most often, exploitation targets an application or operating system vulnerability (weaponizer) proceedings and ncreasingly, client email addresses, files such as Adobe websites, a applications data PDF or Microsoft relationships, orOffice documents mailing lists for nd USB removable media. social information on specific technologies serve as the weaponized deliverable DisruptDegrade Deceive Destroy Leverage, discover, analyze Atomic, computed and behavior indicators Campaign Analysis-Tools, Techniques and Procedures Intrusion Kill Chain Actions on Objectives Command and Reconnaissance Weaponization Exploitation Installation Control (C2) Research, identification Only now, after progressing through the first six phases, carn intruders take actions to achieve their original objectives Typically this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment Coupling a remote and selection of access trojan with an exploit into a After the weapon is delivered to victim host, targets, often deliverable Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment. crawling Internetpayload, typically by means of an Transmission of the weapon to the targeted environment using vectors like email attachments, Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel websites such as conference automated tool triggers intruders code. Most often, exploitation targets an application or operating system vulnerability (weaponizer) proceedings and ncreasingly, client email addresses, files such as Adobe websites, a applications data PDF or Microsoft relationships, orOffice documents mailing lists for nd USB removable media. social information on specific technologies serve as the weaponized deliverable DisruptDegrade Deceive Destroy Leverage, discover, analyze Atomic, computed and behavior indicators Campaign Analysis-Tools, Techniques and Procedures

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Advances In Spatial And Temporal Databases 10th International Symposium Sstd 2007 Boston Ma Usa July 2007 Proceedings Lncs 4605

Authors: Dimitris Papadias ,Donghui Zhang ,George Kollios

2007th Edition

3540735399, 978-3540735397

More Books

Students also viewed these Databases questions