Moch Zainuddin Qomari
18.104.22.168 Lab - Incident Handling

Scenario 1: Worm and Distributed Denial of Service (DDoS) Agent Infestation

Preparation

I will scan for all types of malware and scan the IP address to ensure that other PCs are clean, prepare trusted anti-virus, document every change, and I will also do a lot of research on current worms to learn how they work, etc.

Detection And Analysis

My first step for detection and analysis is to run anti-virus to detect viruses and check whether all the software has been updated. After that, I will scan the IP address to find the next target. Adjacent IP addresses can be a good place to detect if a host is infected with a worm. In general, every legitimate program runs in a certain location on the network. Worms, on the other hand, need to find a target. If we monitor the number of IP addresses scanned by the host, and if it exceeds a certain limit, we can safely assume that the worm has been detected.
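
The threshold check described under Detection And Analysis can be sketched as follows. This is an added example, not part of the original lab answer: the flow-record format, the 60-second window, the limit of 20 distinct addresses, and all IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed flow records: 'timestamp src_ip dst_ip dst_port'."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(30):
        ts = (base + timedelta(seconds=i)).isoformat()
        # 10.0.0.5 sweeps adjacent addresses, one new target per second
        lines.append(f"{ts} 10.0.0.5 10.0.1.{i + 1} 445")
        # 10.0.0.8 keeps talking to the same three servers
        lines.append(f"{ts} 10.0.0.8 10.0.2.{i % 3 + 1} 443")
    return lines

def find_scanners(lines, window=timedelta(seconds=60), limit=20):
    """Return {src_ip: peak distinct destinations} for hosts over the limit.

    A sliding window is kept per source so that a host contacting many
    addresses slowly over a working day is not confused with a sweep.
    """
    recent = defaultdict(deque)  # src -> (time, dst) pairs still in the window
    flagged = {}
    for line in sorted(lines):   # ISO timestamps sort chronologically
        ts_text, src, dst, _port = line.split()
        ts = datetime.fromisoformat(ts_text)
        pairs = recent[src]
        pairs.append((ts, dst))
        while ts - pairs[0][0] > window:  # drop contacts older than the window
            pairs.popleft()
        distinct = len({d for _, d in pairs})
        if distinct > limit:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for host, count in find_scanners(build_sample()).items():
        print(f"{host} contacted {count} distinct addresses within the window")
```

The limit has to be tuned against what normal hosts on the network do, since servers such as DNS resolvers or patch distributors legitimately contact many addresses.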