PART 2TASK 4: Filtering, Inspecting, and Analyzing Packet Capture with Wireshark

Think of the fact that a DoS attack tries to make a web resource unavailable to legitimate users by flooding the target URL/host with more requests to overwhelm the server. What can you infer from the statistical information in the Destination and Ports window as far as a DoS attack is concerned? Cybercriminals can illegitimately use DoS attacks to extort money from companies. They may also use ransomware vis social engineering. Determine if this is a Distributed Denial of Service (DDoS) or DoS attack [hint: a DDoS attack originates from multiples sources almost simultaneously]. What is your point of view of the Rateand Percentcolumns of the Statisticsoutput with respect to the Count column? Does this information indicate any possibility of a compromise? If so, why? Besides the DDoS attack, do you see any indication of any attack such as brute force, SQL injections attack upon analyzing the web traffic? Why or why not? How is this indication different from the Statistics information retrieved earlier and from the perspective of this attack? What legitimate or illegitimate role does the host/user with the 192.168.10.111 IP address play in the suspected attack? If malicious actors got into your network to access your network security logs, how could they use the packet details to their advantage? Specifically, what utilities within Wireshark can you count on? From the details of the packet details pane above, why do you think there are several ICMP destination ports unreachable? Does this suggest an indication of an attack? Please comment on your observations.

PART 2TASK 5, 6: Scanning Multiple Hosts and Networks with Zenmap

2. What is your opinion about the results and the security implications of the output of this tab? Comment on the data of interest in your findings such as host status and ports used.
4. How many ports are reported by the scans, and how more so many are open ports?
6. What is one most impactful security vulnerability in your opinion? Recommend a good mitigation strategy to address any vulnerabilities identified.
8. What can you say about the results when scanning multiple hosts and/or a subnet compared with the individual host scans?
10. Recommend a good mitigation strategy to address any vulnerabilities identified.
12. In your opinion, why are some hosts reported as down? Do you recognize any security concerns? [Hint: use the ping utility to see if any IP within the range is reachable from the Windows machine].