
Network Security Analysis 2022


Added on  2022-10-13

Running Head: Network Security Analysis 1
Network Security
Name of the Student
Name of the Institution

Network Security Analysis
Part 1: Researching Network Attacks
Step 1: Research various network attacks
As technology has grown more sophisticated, attackers have kept advancing their tools to match it and have launched numerous attacks aimed at stealing information and gaining access to and control over information systems. Over the history of IT, some of the most devastating attacks include Code Red, Nimda, Back Orifice, SQL Slammer and the Tribe Flood Network attack, among others.
Step 2: Fill in the following form for the network attack selected
Name of the Attack
The Code Red (CRv2) Worm Attack
Type of the Attack
Worm attack
Dates of the Attack
31st July, 2001.
Computers and Organizations affected
In less than 14 hours, more than 359,000 internet-connected computers were infected with the worm, in an attack estimated to have cost organizations worldwide over $2.6 billion.
Affected IIS versions 4.0 and 5.0 as well as Cisco products.

Systems running Windows XP beta, Windows 95, 98 and ME were also affected by the worm.
The worm attack was global: it targeted large corporations and also preyed on home-based and small computers (Moore & Colleen, 2002).
How it works and what it did
Prior to the attack, eEye had disclosed a buffer overflow vulnerability in Microsoft's Internet Information Server (IIS) web servers on June 18 of the same year. Microsoft responded by releasing a security patch nine days later. Unfortunately, the patch did not stop the attack, as Code Red v2 struck a few days later by exploiting the reported vulnerability (Berghel, 2001).
As an active worm, Code Red exploited security weaknesses in network operating systems in a highly aggressive manner to gain entry into computers and computing systems. It also had several features not found in earlier worms. It propagated over TCP/IP using the HTTP port 80, and it identified itself by defacing websites with a "Welcome to www.worm.com! Hacked by Chinese!" message. It self-propagated by randomly generating target IP addresses, and the random-address routine itself contained bugs. Soon after gaining access to a system, the worm was designed to automatically initiate denial of service (DoS) attacks against other machines and systems. The randomly generated IP addresses were probed from each infected machine while the worm tried to infect further machines between the 1st and 19th of each month (the incubation and infection stages). Between the 20th and 28th of every month the worm was programmed to launch DoS attacks, and it remained dormant for the remaining days of the month.

After infecting a machine, the worm first probed it to check whether it was already infected with Code Red v2. If not, the worm initiated its propagation mechanism by setting up a backdoor and causing the machine to reboot automatically. Unlike other versions of Code Red, Code Red v2 did not reside only in system memory, so restarting an already infected machine did not eliminate the worm.
On IIS server machines the worm lived in the indexing service .dll file, which allowed it to run with the highest system privileges. From that level the worm could easily do whatever it wanted with the system.
The worm has two parts: the exploit and the payload. The exploit is the sequence of actions that let the worm take advantage of the security vulnerability: it sent HTTP GET requests over port 80 to the IIS server, looking for the default.ida file. The file request was followed by code that caused a buffer overflow and executed the attack. Where the default.ida file was not present, the request was still passed to the idd.dll indexing file running with system privileges, enabling the worm to proceed despite the missing ida.dll file.
During the payload phase, system services crashed and restarted. During this restart the worm propagated itself across the internet by performing IP range scans, defacing web pages and launching DoS attacks.
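The exploit and payload behaviour above leaves a recognisable trace in IIS web logs: a GET for /default.ida with an abnormally long, %u-encoded query string. The following detection script is an added example for this report, not code from the paper; the W3C log field order, the length threshold and the sample log lines (with the real payload replaced by a placeholder run of "N") are assumptions.

```python
"""Flag Code Red-style probes in IIS W3C log lines and map each hit to the
worm phase (propagation / DoS / dormant) described for that day of the month.
Added illustration; log format and thresholds are assumptions, not the paper's."""
import re
from datetime import date

# Assumed W3C extended fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
LOG_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\S+) (?P<ip>\S+) (?P<method>\S+) "
    r"(?P<stem>\S+) (?P<query>\S+) (?P<status>\d{3})$"
)

def classify_phase(day_of_month: int) -> str:
    """Day-of-month schedule the report describes: 1-19 spread, 20-28 DoS, rest dormant."""
    if 1 <= day_of_month <= 19:
        return "propagation"
    if 20 <= day_of_month <= 28:
        return "dos"
    return "dormant"

def is_code_red_probe(stem: str, query: str, min_query_len: int = 200) -> bool:
    """Legitimate requests for an .ida file carry short queries; the overflow
    probe carries hundreds of filler bytes plus %u-encoded values."""
    q = query.lower()
    return stem.lower() == "/default.ida" and len(q) >= min_query_len and "%u" in q

def scan_log(lines):
    """Return one record per matching GET; non-matching or malformed lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"].upper() != "GET":
            continue
        if is_code_red_probe(m["stem"], m["query"]):
            day = date.fromisoformat(m["date"]).day
            hits.append({"ip": m["ip"], "date": m["date"],
                         "phase": classify_phase(day), "status": m["status"]})
    return hits

# Constructed sample data; the payload is replaced by filler 'N's and dummy %u markers
PROBE_QUERY = "N" * 224 + "%u0000%u0000"   # placeholder, not the real request
SAMPLE_LOG = [
    "2001-07-19 10:15:22 203.0.113.5 GET /default.ida " + PROBE_QUERY + " 200",
    "2001-07-19 10:15:30 198.51.100.7 GET /index.html - 200",
    "2001-07-21 02:03:04 192.0.2.9 GET /default.ida " + PROBE_QUERY + " 404",
    "2001-07-21 02:05:00 192.0.2.10 GET /default.ida q=1 404",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A 404 on the probe does not mean the server was safe: the report notes the indexing DLL handled the request even when default.ida was missing, so the second hit still deserves investigation.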
Mitigating Against Code Red
Computer security analysts recommend that all computer systems be patched, regardless of whether they are infected with Code Red or not. The ideal solution is to patch the system before infection takes place. Security experts also indicate that this attack could have been mitigated easily had users of Windows IIS server machines installed the patch updates and