CO874 Networks and Network Security

  • Subject Code: CO874

  • Country: UK

  • University: University of Kent

Answer:

  1. A SYN-based port scan is being carried out. This can be said because all the traffic from the host with IP address 10.100.25.14 is sent to the host with IP address 10.100.18.12, and that traffic consists of TCP SYN packets to the well-known ports, which identifies it as a SYN-based port scan.
  2. On the host 10.100.18.12, TCP port 135 is open: for packet 2 a response is sent by the server to the client, where the first packet contains the TCP session and has a relative sequence number of 1 (Understanding TCP Sequence and Acknowledgment Numbers - PacketLife.net 2021).

The following screenshot shows the name and MAC address of the host.

The OS and browser information is found in the packet, and from this information it can be said that the OS is Windows 7 (NT 6.1) and the user-agent is for Internet Explorer 11.

The TCP stream is followed for the HTTP GET request, and the website from which the infection spread is shown.

  1. The iframe is used for embedding and isolating third-party content in a website, and it is mostly used in web advertising. Iframes can provide security through their cross-domain policy and by giving third-party content and scripting an isolated rectangle on the screen. Another modern use of the iframe is history management for AJAX applications.

A drive-by download occurs while visiting a web page, opening pop-ups or clicking links, and the iframe has a feature to embed links. The feature is allowed because it is used by some legitimate businesses and websites for legitimate purposes. It is not considered a security risk, since it is safe to download a file until it is executed. If the iframe prompts the download of any file, it can be a sign of a drive-by download.

  1. To investigate, Run needs to be opened on the computer and appwiz.cpl entered to open Programs and Features. In the list of programs, any application that appears to be adware needs to be located and uninstalled to eliminate the vulnerabilities of the web browser. For more security, the browser needs to be updated and the temporary internet files deleted.
  2. From the source code analysis, it can be said that Mirai can be used for network-level and HTTP flooding attacks. On infecting a device, Mirai finds any other malware present on the device and deletes it to get full access to the system. It also contains some Russian strings, which are a red herring about its origins. On the network security side, it is found that the bots are stored in memory, and rebooting cannot purge the potential infection because the infected devices can be re-infected; it is therefore recommended that the passwords of the vulnerable devices are changed to strong passwords before rebooting.
  3. The following is the list of various DDoS attacks used by Mirai:
  • Krebs on Security site
  • GitHub
  • Twitter
  • Reddit
  • Netflix
  • Airbnb

The Krebs on Security DDoS attack was made in 2016; it exceeded 620 Gbps and its source was the Mirai botnet. The botnet had compromised 600000 IoT devices. To block the attack, strong passwords need to be used for the IoT devices and the affected system needs to be restarted.

Describe an example of a scan designed to be stealthy and avoid notice by potential targets.

Stealth scans can be performed using nmap and include the following steps:

  • Using TCP connect protocol for scanning
  • Using SYN flag for scanning
  • Using alternates such as UDP scans or null scans
  • Dropping below the threshold

Most intrusion detection systems can alert the admin about a scan by sending an alert message and can block it. They can also find the IP address of the machine performing the scan. SNORT is a popular IDS and has signatures and rule sets for detecting scans (Rao and Nayak 2014). By default, it uses a minimum threshold of 15 ports per second, and this needs to be modified to detect a stealth scan.

Anomaly detection of TCP SYN works by detecting a pattern that is abnormal and does not meet expectations.

In the normal method, a TCP SYN attack is detected by collecting packets over time; if the flood rate set in the rule is exceeded, an alert is sent.
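The rate rule described above, written out as an added example (not code from the assignment or from SNORT): it counts distinct destination ports per source and target in a sliding window, using the 15-ports-per-second figure quoted above, and shows that a scan paced below that rate is only caught when the window is lengthened. The traffic is constructed; the 192.0.2.x hosts and the 10-minute window are assumptions.

```python
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # TCP flag bits

def detect_syn_scans(packets, max_ports, window):
    """Return the (src, dst) pairs where src sent connection-opening SYNs
    to more than max_ports distinct ports on dst within `window` seconds."""
    recent = defaultdict(deque)            # (src, dst) -> (ts, dport) in window
    alerts = set()
    for ts, src, dst, dport, flags in sorted(packets):
        if flags & (SYN | ACK) != SYN:     # skip SYN/ACK replies and data
            continue
        q = recent[(src, dst)]
        q.append((ts, dport))
        while q and ts - q[0][0] >= window:  # expire entries outside window
            q.popleft()
        if len({port for _, port in q}) > max_ports:
            alerts.add((src, dst))
    return alerts

# Constructed sample traffic: (timestamp_s, src, dst, dst_port, tcp_flags)
FAST = ("10.100.25.14", "10.100.18.12")    # addresses from the capture above
SLOW = ("192.0.2.50", "10.100.18.12")      # hypothetical slow scanner
USER = ("192.0.2.60", "10.100.18.12")      # hypothetical normal client
SAMPLE = (
    [(i * 0.02, *FAST, 1 + i, SYN) for i in range(60)]             # 50 ports/s
    + [(100 + i * 5.0, *SLOW, 1 + i, SYN) for i in range(40)]      # 1 port per 5 s
    + [(i * 0.01, *USER, (80, 443)[i % 2], SYN) for i in range(30)]
    + [(0.001, "10.100.18.12", "10.100.25.14", 49152, SYN | ACK)]  # server reply
)

if __name__ == "__main__":
    # 15 ports in 1 s: flags only the fast scan
    print("per-second rule:", detect_syn_scans(SAMPLE, 15, 1.0))
    # 15 ports in 600 s (assumed window): also flags the slow scan
    print("10-minute rule: ", detect_syn_scans(SAMPLE, 15, 600.0))
```

The normal client is never flagged under either rule because it only ever opens connections to two ports, however many SYNs it sends.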

For the anomaly based detection a robust profile is needed to be created and it may contain the following data:

  • Specific set of users logged in remotely to a web application
  • Application using specific acceptable password design
  • Traffic during peak and non-peak time as stated by the organization
  • External patterned network connectivity pattern

References

Rao, U. and Nayak, U. (2014) "Intrusion Detection and Prevention Systems", The InfoSec Handbook, pp. 225-243. doi: 10.1007/978-1-4302-6383-8_11.

Understanding TCP Sequence and Acknowledgment Numbers - PacketLife.net (2021). Available at: https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/ (Accessed: 14 April 2021).
