Unit 3 Assignment 1 Network Traffic Analysis

1) Network traffic analysis shows that a single host is opening hundreds of SSH sessions to a single host every minute.
a. The large number of attempted connections each minute suggests this is an attempted denial of service attack. This type of attack attempts to overload network resources with illegitimate traffic to deny service to legitimate users or business needs. IDS and IPS devices can detect all of this traffic, and the IPS can drop (or have border network devices such as firewalls drop) these packets to prevent the attack from succeeding.

2) Network traffic shows that hundreds of hosts are constantly sending only SYN packets to a single Web server on campus.
a. This type of traffic suggests a SYN flood attack, which according to TechTarget (http://searchsecurity.techtarget.com/definition/SYN-flooding) is when a client attempts half-open connections by sending only SYN packets. The server responds with SYN/ACK packets (on open ports), but the client ignores them and re-sends SYN packets. This means the server cannot handle legitimate traffic when needed. Similar to #1 above, IDS and IPS devices can detect all of this traffic, and an IPS can drop the packets before they reach the target server once the pattern is recognized as an attack.

3) A system administrator reports that a single host is attempting to
…
This is a textbook phishing attack – which is when a malicious user attempts to gain information (such as username/password combinations) by pretending to be a legitimate entity (in this case, the campus helpdesk). The ultimate goal for a malicious user in this scenario is to gain legitimate credentials. IDS/IPS devices are not normally capable of detecting this type of attack. As a result, it would be more effective for us to employ specific spam filters on the network (such as from vendor Barracuda: https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Spam_Firewall_DS_US.pdf) to block spam emails from reaching College
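
The traffic patterns in items 1 and 2 above can be checked for mechanically. The following is an added example, not part of the original essay: it scans constructed packet summaries for one source starting many SSH connections to one host within a minute, and for many sources sending SYNs to one server without completing the handshake. The record layout, addresses and thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed packet summaries: (epoch_seconds, src, dst, dst_port, tcp_flags).
# Addresses are documentation ranges; the layout and values are assumptions.
def build_sample():
    pkts = []
    # Item 1 pattern: one host opens 300 SSH sessions to one host within a minute.
    for i in range(300):
        t = i * 0.2
        pkts += [(t, "192.0.2.10", "198.51.100.5", 22, "S"),
                 (t + 0.01, "192.0.2.10", "198.51.100.5", 22, "A")]
    # Item 2 pattern: 200 hosts send only SYNs to one web server, never an ACK.
    for h in range(200):
        for k in range(3):
            pkts.append((h * 0.1 + k, f"203.0.113.{h + 1}", "198.51.100.80", 80, "S"))
    # Normal client: a single completed handshake to the web server.
    pkts += [(5.0, "192.0.2.77", "198.51.100.80", 80, "S"),
             (5.02, "192.0.2.77", "198.51.100.80", 80, "A")]
    return pkts

def ssh_bursts(pkts, per_minute=100):
    """(src, dst) pairs that start >= per_minute SSH connections in one minute."""
    counts = Counter()
    for t, src, dst, port, flags in pkts:
        if port == 22 and flags == "S":
            counts[(src, dst, int(t // 60))] += 1
    return sorted({(s, d) for (s, d, _), n in counts.items() if n >= per_minute})

def syn_floods(pkts, min_sources=50, min_half_open_ratio=0.9):
    """(dst, port) targets where many sources send SYNs and never finish the handshake."""
    syn_sources = defaultdict(set)   # target -> sources that sent a SYN
    completed = defaultdict(set)     # target -> sources that also sent the final ACK
    for _, src, dst, port, flags in pkts:
        if flags == "S":
            syn_sources[(dst, port)].add(src)
        elif flags == "A":
            completed[(dst, port)].add(src)
    hits = []
    for target, sources in syn_sources.items():
        half_open = sources - completed[target]
        if len(half_open) >= min_sources and len(half_open) / len(sources) >= min_half_open_ratio:
            hits.append((target, len(half_open)))
    return sorted(hits)

if __name__ == "__main__":
    sample = build_sample()
    print("SSH bursts:", ssh_bursts(sample))
    print("SYN floods:", syn_floods(sample))
```

The single normal client to the web server does not suppress the alert, because the check is on the share of sources that never complete the handshake rather than on raw SYN volume.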
