Recently our university’s network was successfully attacked. The result was a loss of service for a twenty-four-hour period. This is known as a Distributed Denial of Service (DDoS) attack. An investigation has been completed, and it was determined that the attack originated from inside the network. A password-sniffing application was installed on multiple computers throughout the university network. The application scans network traffic looking for administrative passwords. The data is logged, and the attacker reads the logs and learns the passwords. Using this password, the attacker can now masquerade as a system admin with all of the elevated privileges afforded to those individuals. This can include, but is not limited to, hardware/software installation and access to configurations, user accounts, servers, shared drives, directories, etc. The attacker used this password to gain privileged access to a number of computers and turned them into a ‘botnet’. A botnet is essentially a large number of computers that have been compromised, are under the control of a single person, and are used to carry out attacks on legitimate networks. The attacker used the botnet to send numerous connection