Finding A malicious Network Traffic

Academic year: 2021

Network Discovery

ARST 5100 • Archives and Technology 12 October 2011

ARST 5100 · Archives and Technology Assignment 6: Network Discovery

Note: Do not use screenshots unless specifically allowed.

Task 1. Define (describe) the following. What do the acronyms stand for? What is its function in the network?

1. IP Address: Internet Protocol Address
   a. Functions: Identifies the host or network – the location address
2. DHCP: Dynamic Host Configuration Protocol
   a. Functions: Allows IP Addresses to be dynamic rather than fixed; Tracks all devices connected to a network; prevents accidental assignment of the same IP Address by multiple addresses.
3. DNS: Domain Name System
   a. Functions: Translates domain names into an Internet Protocol Address (mapping function). For instance, the domain name gjenvick.com is on a dedicated server using two name servers, ns1.gjenvick.com and ns2.gjenvick.com, resolving to IP Address 174.121.252.46 with an Autonomous System Number (ASN) of AS21844 assigned to ThePlanet.com Internet Services, Inc. (Hostgator).
4. MAC Address: Media Access Control Address aka Ethernet Hardware Address (EHA)
   a. Functions: Allows computers to be uniquely identified on a network, used by the network adapters. This unique identifier is most often assigned by the manufacturer of the Network Interface Card (NIC).
5. Gateway: (Protocol Converters)
   a. Functions: Software used by routers that interprets and translates different protocols used on two distinct networks. The Gateway performs at the Application Layer and converts information from one protocol to another. The Gateway allows multiple devices to access the internet via one IP Address – The Gateway IP.
6. Firewall: (Computer/Network Security Device)
   a. Functions: Prevents unauthorized or malicious communication between computers and/or computer networks. It operates on many different levels including computer software, operating system, network router, servers, etc.
7. VPN: Virtual Private Network
   a. Function: An extension of a private network often used in business to connect remote users to a secure internal network using shared public infrastructure (the internet). Security protocols such as L2TP are used to encrypt data at the sending end and decrypt it at the receiving end.
8. DoS: Denial of Service (attack)
   a. Misuse: Typically, Denial of Service attacks occur when there is a deliberate attempt to stop a computer (or server) from performing such as:
      i. Attempting to flood a network, preventing legitimate network
      ii. Disrupting the connections between two computers or servers, preventing access to a service
      iii. Disrupting services to a specific system or person
   b. Brute force botnets are often used in an attack the severity of which can be increased through the use of Distributed Denial of Service (DDoS) attacks. Zombies are used to direct a coordinated attack on a targeted network.
   c. The motivations for botnet attacks include Extortion, Corporate Warfare, or Nationalistic Pride.[i]

Task 2: Find the IP Addresses for your VirtualBox and for your host computer. List the Network Interface Card with its address. Note whether you used the GUI or the CLI.

1. Ubuntu Virtual Box (GUI)
   a. IPv4 Address: 192.168.56.1
   b. IPv4 Subnet Mask: 255.255.255.0
2. Windows or Mac host (GUI)
   a. IPv4 Address: 192.168.0.2
   b. IPv4 Subnet Mask: 255.255.255.0

Task 3: Find the default gateway and name server for your virtual and host computers.

• Host Computer
  o Default Gateway: 192.168.0.1
  o Name Server: IPv4 DNS Servers: 68.87.68.166, 68.87.74.166
• Virtual Box:
  o Default Gateway: [Not Provided using ipconfig or ifconfig command]
  o Name Server: 192.168.56.1

Source for instructions: http://kb.iu.edu/data/ajfx.html; DNS – My own knowledge used GUI network Properties to obtain DNS servers.

Task 4: Find

a. IP Address for mas.clayton.edu: 168.28.51.14 [Labeled as non-authoritative answer]
b. Domain name for 168.25.51.14: Non-existent domain

Task 5: Ping a) your machine, and b) pingtest.net to determine response time

a. Ping localhost: Minimum = 0 ns, Maximum = 0 ns, Average = 0 ns
b. Ping pingtest.net: Minimum = 84 ns, Maximum = 90 ns, Average = 86 ns

Task 6: Configure your host machine to connect to the Clayton State VPN [Skipped – CSU does not allow students to connect to VPN]

‐ Denial of Service (DoS) attack. Instead of its function (use), describe its misuse.

Task 2. Find the IP addresses for your VirtualBox and for your host computer. List the network interface card with its address.

Note: You will likely have at least two for each computer. Note whether you used the GUI or the CLI.

Ubuntu virtual box

Connection-specific DNS Suffix:
Description: VirtualBox Host-Only Ethernet Adapter
Physical Address: 08-00-27-00-50-FF
DHCP Enabled: No
IPv4 Address: 192.168.56.1
IPv4 Subnet Mask: 255.255.255.0
IPv4 Default Gateway:
IPv4 DNS Server:
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: Yes

Windows or Mac host

Connection-specific DNS Suffix:
Description: Intel(R) Centrino(R) Wireless-N 6150
Physical Address: 40-25-C2-2E-D3-80
DHCP Enabled: Yes
IPv4 Address: 192.168.0.2
IPv4 Subnet Mask: 255.255.255.0
Lease Obtained: Monday, October 03, 2011 4:25:24 PM
Lease Expires: Wednesday, October 05, 2011 9:56:46 AM
IPv4 Default Gateway: 192.168.0.1
IPv4 DHCP Server: 192.168.0.1
IPv4 DNS Servers: 68.87.68.166, 68.87.74.166
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: Yes

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Paul>$ ifconfig
'$' is not recognized as an internal or external command, operable program or batch file.

C:\Users\Paul>ifconfig
operable program or batch file.

C:\Users\Paul>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 2:
   Media State . . . : Media disconnected
   Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection 3:
   Media State . . . : Media disconnected
   Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection 2:
   Media State . . . : Media disconnected
   Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix . :
   IPv4 Address. . . : 192.168.0.2
   Subnet Mask . . . : 255.255.255.0
   Default Gateway . . . : 192.168.0.1

Ethernet adapter Local Area Connection:
   Media State . . . : Media disconnected
   Connection-specific DNS Suffix . :

Ethernet adapter VirtualBox Host-Only Network:
   Connection-specific DNS Suffix . :
   IPv4 Address. . . : 192.168.56.1
   Subnet Mask . . . : 255.255.255.0
   Default Gateway . . . :

C:\Users\Paul>^A
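The adapter listing above can be turned into a per-interface inventory, which is the usual first step when baselining a host's network exposure. The Python sketch below is an added example, not part of the original assignment; `parse_ipconfig` and `summarize` are hypothetical helper names, and the sample text is constructed in the layout `ipconfig` prints, using the addresses shown on this page.

```python
import ipaddress
import re

# Constructed sample (not captured output), using the values from this page.
SAMPLE = """\
Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")       # unindented "<type> adapter <name>:"
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")   # indented "Key . . . : value"

def parse_ipconfig(text):
    # Map each adapter header to a dict of its "Key: value" fields.
    adapters, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = adapters.setdefault(m.group(1), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return adapters

def summarize(adapters):
    # Keep connected adapters; derive the subnet and check the gateway is on-link.
    rows = []
    for name, f in adapters.items():
        if "IPv4 Address" not in f:
            continue  # "Media disconnected" adapters carry no address
        ip = f["IPv4 Address"].split("(")[0]  # drop a "(Preferred)" suffix if present
        net = ipaddress.ip_network(f"{ip}/{f['Subnet Mask']}", strict=False)
        gw = f.get("Default Gateway") or None
        on_link = bool(gw) and ipaddress.ip_address(gw) in net
        rows.append({"adapter": name, "ip": ip, "network": str(net),
                     "gateway": gw, "gateway_on_link": on_link})
    return rows
```

For the sample, the wireless adapter resolves to network 192.168.0.0/24 with an on-link gateway, while the VirtualBox Host-Only adapter reports no gateway at all, matching the empty Default Gateway field in the output above.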

Task 3. Find the default gateway and name server for your virtual and host computers. Use the Internet to search for instructions. Be sure to include the URL(s) for the page(s) you used for instructions.

Ubuntu virtual box
Windows or Mac host

Task 4. Find a) the IP address for mas.clayton.edu and b) the domain name for 168.25.51.14.

a) 168.28.51.14
b) No reverse DNS entry per ns.usg.edu

C:\Users\Paul>nslookup 168.25.51.14
Server: cns.s3woodstock.ga.atlanta.comcast.net
Address: 68.87.68.166

*** cns.s3woodstock.ga.atlanta.comcast.net can't find 168.25.51.14: Non-existent domain

Task 5. Ping a) your machine and b) pingtest.net to determine the response time. List the average response time for at least four pings. Ping will give you this information in both Windows and Linux, but it is formatted differently.

Ubuntu

Windows or Mac host : Average Response Time: 0ms

Task 6. Configure your host machine to connect to the Clayton State’s VPN. Paste a screen shot below.

Optional Task 7. If possible, log into your home router. Paste a screen shot below.

[i] David Slee, Common Denial of Service Attacks, July 10, 2007. Retrieved from http://www.infosecwriters.com/text_resources/pdf/DSlee_Denial_of_Service_Attacks.pdf
