
Being Observed Questions 2022

   

Added on 2022-10-08

1. What traffic is being observed, what kind of DoS is this, and how is it being conducted?
Observation of the network showed its resources being overwhelmed by a large number of incoming packets. The allocated bandwidth was exhausted and, after a while, the network went offline. This denial of service is an Internet Control Message Protocol (ICMP) flood: echo request packets carrying both random and fixed source IP addresses were saturating the network.
The inbound traffic combines three ICMP-based techniques. Sending echo requests faster than the target can answer them is the flood proper. Sending echo requests whose fragments reassemble to more than 65,535 bytes, the largest legal IP datagram (an ICMP echo payload can be at most 65,507 bytes), is the ping-of-death variant: the oversized reassembly overwhelms the target's Transmission Control Protocol/Internet Protocol (TCP/IP) stack. Sending echo requests to a network amplifier (a broadcast address) with the return address spoofed to the target's IP address is the smurf variant: every host on the amplifier network answers the target.
2. What volume of traffic was directed at the victims of the DoS? What is the relation between inbound and outbound traffic?
The inbound traffic consumed the entire available bandwidth, because the targeted devices' ability to respond to such a high number of requests was overwhelmed. The number of devices in the botnet aimed at the target was high, so the volume of traffic was substantial.
Inbound traffic is the information (packets) coming into a particular network, while outbound traffic is the information (packets) leaving it. Both pass through a router that has a public IP address on the Internet side and a private IP address on the internal side. During the attack the relation is heavily one-sided: inbound echo requests (and, in the reflected case, unsolicited echo replies) far exceed the replies the victim manages to send out, and once the link is saturated outbound traffic stops as well.
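The three inbound patterns described in question 1 (request rate, oversized reassembly, unsolicited replies from a spoofed-source reflection) and the inbound/outbound relation from question 2 can be checked mechanically over packet summaries. The following is an added example, not code from the original report; the victim address 203.0.113.10 (RFC 5737 test range), the one-line summary format and the packet lines are all constructed for the example, and the flood threshold is kept tiny so the sample triggers it.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Assumed victim address (RFC 5737 TEST-NET-3); a placeholder, not from the report.
VICTIM = "203.0.113.10"
MAX_IP_DATAGRAM = 65535   # largest legal IPv4 datagram, header included
FLOOD_THRESHOLD = 5       # echo requests per second; tiny on purpose for the sample data

# Constructed tcpdump-like summaries, not a real capture:
#   <sec> <src> > <dst> icmp <request|reply> len <bytes> [frag off=<byte offset> len=<bytes>]
SAMPLE_LINES = """\
0.00 203.0.113.10 > 198.51.100.7 icmp request len 64
0.01 198.51.100.7 > 203.0.113.10 icmp reply len 64
0.10 198.51.100.21 > 203.0.113.10 icmp request len 1500
0.11 198.51.100.22 > 203.0.113.10 icmp request len 1500
0.12 198.51.100.23 > 203.0.113.10 icmp request len 1500
0.13 198.51.100.24 > 203.0.113.10 icmp request len 1500
0.20 192.0.2.9 > 203.0.113.10 icmp request len 1500 frag off=0 len=1480
0.21 192.0.2.9 > 203.0.113.10 icmp request len 1500 frag off=64240 len=1480
0.30 192.0.2.40 > 203.0.113.10 icmp reply len 1500
0.31 192.0.2.41 > 203.0.113.10 icmp reply len 1500
0.32 192.0.2.42 > 203.0.113.10 icmp reply len 1500
1.05 198.51.100.7 > 203.0.113.10 icmp request len 64
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<t>\d+\.\d+) (?P<src>\S+) > (?P<dst>\S+) icmp (?P<kind>request|reply) "
    r"len (?P<len>\d+)(?: frag off=(?P<off>\d+) len=(?P<flen>\d+))?$"
)

@dataclass
class Packet:
    t: float
    src: str
    dst: str
    kind: str
    length: int
    frag_off: Optional[int]
    frag_len: Optional[int]

def parse(lines):
    """Turn summary lines into Packet records; non-matching lines are skipped."""
    pkts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pkts.append(Packet(float(m["t"]), m["src"], m["dst"], m["kind"], int(m["len"]),
                           int(m["off"]) if m["off"] is not None else None,
                           int(m["flen"]) if m["flen"] is not None else None))
    return pkts

def inbound(pkts):
    return [p for p in pkts if p.dst == VICTIM]

def outbound(pkts):
    return [p for p in pkts if p.src == VICTIM]

def requests_per_second(pkts):
    """Inbound echo requests per one-second window: the volumetric flood signal."""
    return Counter(int(p.t) for p in inbound(pkts) if p.kind == "request")

def oversized_datagrams(pkts):
    """Sources whose fragments would reassemble beyond 65,535 bytes (ping-of-death pattern)."""
    sizes = defaultdict(int)
    for p in inbound(pkts):
        if p.frag_off is not None:
            sizes[p.src] = max(sizes[p.src], p.frag_off + p.frag_len)
    return {src: n for src, n in sizes.items() if n > MAX_IP_DATAGRAM}

def unsolicited_replies(pkts):
    """Inbound echo replies the victim never asked for. Seen from the victim, a reflected
    (smurf) attack looks like this: the attacker spoofed the victim's address, so the
    amplifier hosts' replies arrive with no matching outbound request."""
    asked = {p.dst for p in outbound(pkts) if p.kind == "request"}
    return [p.src for p in inbound(pkts) if p.kind == "reply" and p.src not in asked]

def bytes_in_out(pkts):
    """Inbound versus outbound byte volume; a flood is heavily one-sided."""
    return sum(p.length for p in inbound(pkts)), sum(p.length for p in outbound(pkts))

def assess(lines):
    pkts = parse(lines)
    peak = max(requests_per_second(pkts).values(), default=0)
    return {
        "peak_requests_per_second": peak,
        "flood": peak > FLOOD_THRESHOLD,
        "oversized": oversized_datagrams(pkts),
        "unsolicited_replies": unsolicited_replies(pkts),
        "bytes_in_out": bytes_in_out(pkts),
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

On the constructed sample the peak is six inbound echo requests in one second, host 192.0.2.9 sends fragments that would reassemble to 65,720 bytes, three echo replies arrive that the victim never requested, and 13,628 bytes came in against 64 bytes out. On a real link the threshold and window would be tuned to the baseline rate of legitimate pings.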
3. Prepare a 1-page advisory for the company explaining what the problem is, linking to appropriate CVE entries, and suggesting how they could remediate the issue both in the short term and what can be done to implement a more permanent fix.
Your network is currently facing an ICMP (Internet Control Message Protocol) flood attack. The attack is flooding your network and causing a distributed denial of service through capacity overload, so that your network infrastructure cannot cope. It has also made shared resources such as the central database and the printers inaccessible.
A volumetric ICMP flood is an abuse of normal protocol traffic rather than a defect in a single product, so the flood itself has no CVE of its own; the entry cited here for an ICMP denial of service is:
Vulnerability Details: CVE-2018-2671
CVSS Scores and Vulnerability Types
CVSS Score: 4.9
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete
Access Complexity: Low
Authentication: Not required
Gained Access: None
Vulnerability Type: Denial of Service
CWE ID: CWE-284 (Improper Access Control)
Remedies
Short term:
Scanning for and finding network vulnerabilities.
Use an established scanner such as AVDS to discover vulnerabilities. Before scanning, set the precise scope and frequency of the network scan. Scans should be carried out on a weekly basis; with an existing scanning solution this is easy, practical and affordable. Note that scanning identifies weaknesses but does not stop traffic that is already arriving: the immediate control against an ICMP flood is to rate-limit or drop ICMP echo requests at the network edge while the scan results are acted on.
Penetration testing.
AVDS is recommended because its behaviour-based testing eliminates the false positives reported by other testing platforms. Penetration testing produces the highest discovery accuracy, but when it is run infrequently and over a narrow scope its value degrades; combining pentesting accuracy with regular, wide-scope coverage is best done with AVDS.
Security Update