
cois23001 network security

central queensland university

cois23001- network security

assignment item 1: assignment 1

tutor: edilson arenas

submitted by:

name: srinath gollapudi

student id: s0118253

due date: 15/08/08

word count: 1050


table of contents

question 1: documenting labsim progress
question 2: password guessing
question 3: protocol analysis with ethereal
question 4: port address translation
question 5

question 1: documenting labsim progress

week 1

0.1.2 create a local user account
0.1.3 change the account type
0.1.7 create domain user account
0.1.8 disable a user account
0.1.9 reset the password
0.2.3 create a user

week 3

4.1.1 enforce ntlm authentication

week 4

6.1.4 disable file and printer sharing
6.1.5 uninstall a component
6.1.6 disable netbios over tcp/ip
6.1.8 enforce smb signing
6.2.7 stop & disable services
6.3.2 format a drive
6.3.3 convert a drive
6.3.5 change ntfs permissions
6.3.6 configure ntfs permissions
6.3.8 encrypt a file
6.3.9 encrypt a folder & contents
6.4.2 modify file system rights
6.4.3 add a trustee & rights
6.4.5 modify file attributes
week 5

7.1.2 enable auditing 1
7.1.3 enable auditing 2
7.1.5 save the audit log
7.1.6 change log properties
7.1.7 configure the system to shut down

question 2: password guessing


passwords for files password1.doc, password2.doc and password3.doc.

passwords should be 8 or more characters in length. each character that you add to
your password increases the protection many times over. password1.doc has a
password that is a combination of letters and numbers. the greater the variety of
characters (including symbols) that you have in your password, the harder it is to guess.
the length of this password is not ideal; however, the combination of letters and numbers
makes it harder for hackers to guess. the password for password1.doc is stronger than those
for password2.doc and password3.doc, but it is still not an ideal one to choose.

the password for password2.doc is easily broken. it consists of sequential numbers.
sequential numbers and adjacent letters on the keyboard do not make secure
passwords. password2.doc has the weakest password when compared to password1.doc and
password3.doc.

password3.doc password is the weakest. hackers use sophisticated tools that can rapidly
guess passwords that are based on words in multiple dictionaries, including words spelled
backwards, common misspellings, and substitutions. always avoid dictionary words in
any language, because they can be easily hacked by using dictionary
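
An added example, not part of the original assignment: a small checker for the weaknesses discussed in this answer (length under 8, low character variety, number or keyboard sequences, and dictionary words including reversed and substituted spellings). The word list, the substitution map and the sample passwords are constructed for illustration; the assignment's real passwords are not shown on this page.

```python
import re

# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"password", "dragon", "monkey", "welcome", "network"}
# Digit, keyboard-row and alphabet runs used to spot sequences and adjacent keys.
RUNS = ["0123456789", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz"]
# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")


def is_sequence(pw, min_run=4):
    """True if pw contains min_run consecutive characters of a run, in either direction."""
    low = pw.lower()
    for run in RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in low:
                    return True
    return False


def is_dictionary_based(pw):
    """True if pw, reversed or with substitutions undone, is a listed word plus optional digits."""
    low = pw.lower()
    candidates = set()
    for form in (low, low[::-1]):
        stripped = form.strip("0123456789")  # drop leading/trailing digits
        candidates |= {stripped, stripped.translate(LEET), form.translate(LEET)}
    return any(c in WORDS for c in candidates)


def review(pw):
    """Return the weaknesses found; an empty list means none of these checks fired."""
    issues = []
    if len(pw) < 8:
        issues.append("short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        issues.append("low-variety")
    if is_sequence(pw):
        issues.append("sequence")
    if is_dictionary_based(pw):
        issues.append("dictionary")
    return issues


if __name__ == "__main__":
    for sample in ["12345678", "drowssap", "P@ssw0rd", "qwerty12", "Tr7m#q9Lx2"]:
        print(sample, review(sample))
```

An empty result only means these four checks passed; it does not measure resistance to a full guessing tool.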

question 3: protocol analysis with ethereal


3.1 capture filter for www.cqu.edu.au
3.2 capturing traffic from www.cqu.edu.au and showing three way handshake
the first segment of the three-way handshake starts establishing a tcp connection between
source and destination. in the above screenshot, packet one establishes the connection
with the syn flag set. the connection is between destination port 80 and source port 50046.
the packet carries the sequence number used to count the bytes of data which will be
shared.

the second segment of the three-way handshake has the syn/ack flags set. the
syn/ack flags are set by the server. in the above screenshot, packet 2 synchronizes the byte
count with the originator and acknowledges the original packet.

in the above screenshot, packet 3 shows the final segment of the three-way
handshake, with the ack flag set. the originator returns an "ack" which acknowledges the
packet the destination just sent. the connection is now open between port
80 and port 50046, and ongoing communication between the originator and the
destination is permitted until one of them issues packets, or the connection
times out.
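
An added example, not part of the original assignment: the flag, port and sequence/acknowledgement checks one would apply to three captured segments to confirm they form the handshake described above. The `Segment` class, the function name and all sequence numbers are constructed for illustration; only ports 50046 and 80 come from the text.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    src_port: int
    dst_port: int
    flags: frozenset
    seq: int
    ack: int = 0


def check_handshake(p1, p2, p3):
    """Return a list of problems; an empty list means a valid three-way handshake."""
    problems = []
    for n, (pkt, want) in enumerate(
            [(p1, {"SYN"}), (p2, {"SYN", "ACK"}), (p3, {"ACK"})], start=1):
        if pkt.flags != want:
            problems.append(f"packet {n}: flags {sorted(pkt.flags)}, expected {sorted(want)}")
    if (p2.src_port, p2.dst_port) != (p1.dst_port, p1.src_port):
        problems.append("packet 2: ports are not the reverse of packet 1")
    if (p3.src_port, p3.dst_port) != (p1.src_port, p1.dst_port):
        problems.append("packet 3: ports differ from packet 1")
    # A SYN consumes one sequence number, so each side acknowledges seq + 1.
    if p2.ack != (p1.seq + 1) % MOD:
        problems.append("packet 2: ack is not client ISN + 1")
    if p3.seq != (p1.seq + 1) % MOD:
        problems.append("packet 3: seq is not client ISN + 1")
    if p3.ack != (p2.seq + 1) % MOD:
        problems.append("packet 3: ack is not server ISN + 1")
    return problems


# Constructed sample: client port 50046 to server port 80, as in the text above.
# The sequence numbers are made up; the client ISN sits at the wrap-around edge.
SYN = Segment(50046, 80, frozenset({"SYN"}), seq=MOD - 1)
SYN_ACK = Segment(80, 50046, frozenset({"SYN", "ACK"}), seq=7000, ack=0)
ACK = Segment(50046, 80, frozenset({"ACK"}), seq=0, ack=7001)
# Same reply but acknowledging the wrong number, e.g. a stray segment.
BAD_SYN_ACK = Segment(80, 50046, frozenset({"SYN", "ACK"}), seq=7000, ack=12345)

if __name__ == "__main__":
    print(check_handshake(SYN, SYN_ACK, ACK))
    print(check_handshake(SYN, BAD_SYN_ACK, ACK))
```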

3.4 capturing traffic from https://staffmail.cqu.edu.au


the packet cannot be found in the packet list because the login name and password
entered are duplicates, and these packets are not uploaded because the packet
information shows tcp dup ack, which indicates missing data or incorrect information.
the webmail is also protected by secure sockets layer, so it is not displayed in the
ethereal packets, which are encrypted.

question 4: port address translation

packet addressing on internal network               | packet addressing on external network

source ip  source port  dest. ip      dest. port    | source ip     source port  dest. ip      dest. port
10.0.0.1   1033         139.78.9.245  80            | 65.64.72.103  4111         139.78.9.245  80
10.0.0.1   1035         65.64.72.104  25            | 65.64.72.103  4226         65.64.72.104  25
10.0.0.2   2301         139.78.9.245  80            | 65.64.72.103  4224         139.78.9.245  80
10.0.0.2   2302         65.64.72.104  25            | 65.64.72.103  4500         65.64.72.104  25
10.0.0.3   4123         139.78.9.245  80            | 65.64.72.103  4662         139.78.9.245  80
10.0.0.3   4128         65.64.72.104  25            | 65.64.72.103  4664         65.64.72.104  25
10.0.0.4   1033         139.78.9.245  80            | 65.64.72.103  4672         139.78.9.245  80
10.0.0.4   1035         65.64.72.104  25            | 65.64.72.103  4750         65.64.72.104  25
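
An added example, not part of the original assignment: a minimal port address translation table showing how two internal hosts that use the same source port (10.0.0.1 and 10.0.0.4, both on port 1033 in the table) share the public address 65.64.72.103, and how a reply is mapped back. The `PatTable` class and its sequential port pool starting at 4000 are assumptions made for illustration; a real device picks external ports its own way, as the answer's values show.

```python
class PatTable:
    """Maps (inside ip, inside port) to a unique port on one public address."""

    def __init__(self, public_ip, first_port=4000, last_port=4999):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out = {}   # (inside_ip, inside_port) -> public_port
        self.back = {}  # public_port -> (inside_ip, inside_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outbound packet, creating a mapping if needed."""
        key = (src_ip, src_port)
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an inbound packet; None means no mapping, so drop."""
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None
        inside_ip, inside_port = self.back[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


if __name__ == "__main__":
    nat = PatTable("65.64.72.103")
    # Two inside hosts use the same source port towards the same web server.
    print(nat.translate_out("10.0.0.1", 1033, "139.78.9.245", 80))
    print(nat.translate_out("10.0.0.4", 1033, "139.78.9.245", 80))
    # The server's reply to public port 4001 goes back to 10.0.0.4:1033.
    print(nat.translate_in("139.78.9.245", 80, "65.64.72.103", 4001))
    # An unsolicited packet to an unmapped public port has nowhere to go.
    print(nat.translate_in("139.78.9.245", 80, "65.64.72.103", 4999))
```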

question 5
1. discuss how you would review the sequence of packets in the figure. what would you
look for?
reviewing the sequence of packets means checking the signatures of packets that attempt
to access the server, checking the packet filtering rules, and looking for the correct
three-way handshake.
2. what kind of scan is involved?
the scan involved is a scan for specific trojans.
3. what is the hacker attempting to locate?
the hacker starts with a common scan of internet protocol addresses, then carries on looking
for specific ports, back doors, mac addresses and individual applications.
4. what is the source port being used by the hacker?
200.101.176.11 : 3322
200.101.176.11 : 3323
200.101.176.11 : 3324
200.101.176.11 : 3325