
Question


Security

You notice your computer is running slowly and the activity LED on your router is blinking rapidly. You are running Linux, and you know that running either netstat or ss -a will tell you at the socket level what's going on. The ss -a command gives a report similar to the following (the u_str and u_dgm entries are removed; those are UNIX domain sockets, which are local-to-the-system equivalents of tcp/udp used for interprocess communication):

Netid  State       Recv-Q  Send-Q  Local Address:Port     Peer Address:Port
tcp    CLOSE-WAIT  1               192.168.8.38:34466     74.125.202.108:imaps
tcp    CLOSE-WAIT  1               192.168.8.38:35610     216.58.192.194:https
tcp    CLOSE-WAIT  1               192.168.8.38:36884     216.58.192.196:https
tcp    ESTAB                       192.168.8.38:35496     74.125.202.109:imaps
tcp    ESTAB                       192.168.8.38:36888     130.111.218.16:ssh
tcp    ESTAB                       192.168.8.38:37284     23.45.134.221:https
tcp    ESTAB                       192.168.8.38:42308     100.16.227.202:ssh
tcp    SYN-RECV    0               192.168.8.38:ssh       192.168.8.51:53074
tcp    SYN-RECV    0               192.168.8.38:ssh       192.168.8.51:53075
tcp    SYN-RECV    0               192.168.8.38:ssh       192.168.8.51:53076
tcp    SYN-RECV    0               192.168.8.38:ssh       192.168.8.51:53086
       ... 200 more just like this ...
tcp    SYN-RECV    0               192.168.8.38:ssh       192.168.8.51:53150
tcp    SYN-RECV    0               192.168.8.38:ssh       192.168.8.51:53151
tcp    SYN-RECV    0               192.168.8.38:ssh       192.168.8.51:53152
tcp    SYN-RECV    0               192.168.8.38:ssh       192.168.8.51:53153
tcp    TIME-WAIT   0               192.168.8.38:52020     172.217.9.66:https
tcp    TIME-WAIT   0               192.168.8.38:52242     172.217.9.34:https
tcp    TIME-WAIT   0               192.168.8.38:56936     216.58.192.196:https
tcp    TIME-WAIT   0               192.168.8.38:57386     216.58.216.106:https
udp    UNCONN                      *:789
udp    UNCONN                      *:mdns
udp    UNCONN                      *:netbios-dgm
udp    UNCONN                      *:netbios-ns
udp    UNCONN                      *:sunrpc
tcp    LISTEN                      *:ssh
tcp    LISTEN                      *:sunrpc
tcp    LISTEN                      127.0.0.1:smtp
tcp    LISTEN                      *:microsoft-ds
tcp    LISTEN                      *:netbios-ssn
tcp    LISTEN                      127.0.0.1:ipp

(a) Should you worry about the tcp/CLOSE-WAIT connections? Why or why not?
(b) Should you worry about the tcp/ESTAB connections? Why or why not?
(c) Should you worry about the copious tcp/SYN-RECV connections? Why or why not?
(d) Should you worry about the tcp/TIME-WAIT connections? Why or why not?
(e) Should you worry about the udp/UNCONN connections? Why or why not?
(f) Should you worry about the tcp/LISTEN connections? Why or why not?
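
One way to triage a listing like this, as an added example that is not part of the original question: tally sockets per Netid/State and list peers that hold many SYN-RECV sockets against one local port. The function names, the threshold of 20 and the sample rows are constructed; the script assumes the column order Netid, State, Recv-Q, Send-Q, local address, peer address given in the question.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Input: rows in the order
# Netid State Recv-Q Send-Q Local:Port Peer:Port, with a header on line 1.

# Count sockets per Netid/State, most frequent first.
state_counts() {
    awk 'NR > 1 && NF >= 6 { c[$1 "/" $2]++ }
         END { for (k in c) print c[k], k }' | sort -rn
}

# Print "count peer -> local:port" for every peer holding at least $1
# half-open (SYN-RECV) sockets against a single local port.
half_open_by_peer() {
    awk -v min="$1" '
        NR > 1 && $2 == "SYN-RECV" {
            peer = $6
            sub(/:[^:]*$/, "", peer)   # drop the per-connection source port
            n[peer " -> " $5]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }' | sort -rn
}

# Constructed sample rows (not the page's full listing).
sample_ss() {
    printf '%s\n' 'Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port'
    printf '%s\n' 'tcp ESTAB 0 0 192.168.8.38:36888 130.111.218.16:ssh'
    printf '%s\n' 'tcp CLOSE-WAIT 1 0 192.168.8.38:34466 74.125.202.108:imaps'
    printf '%s\n' 'tcp TIME-WAIT 0 0 192.168.8.38:52020 172.217.9.66:https'
    printf '%s\n' 'tcp LISTEN 0 128 *:ssh *:*'
    printf '%s\n' 'udp UNCONN 0 0 *:mdns *:*'
    port=53074
    while [ "$port" -lt 53114 ]; do      # 40 half-open rows from one peer
        printf 'tcp SYN-RECV 0 0 192.168.8.38:ssh 192.168.8.51:%s\n' "$port"
        port=$((port + 1))
    done
    printf '%s\n' 'tcp SYN-RECV 0 0 192.168.8.38:ssh 198.51.100.7:40000'
}

# Offline demo; on a live host pipe the real listing in: ss -a | state_counts
sample_ss | state_counts
sample_ss | half_open_by_peer 20
```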
