Note-15 - CSE 494/598 Forensic Computing: Computer and...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Computer and Network Forensics Prof. Gail-Joon Ahn Practices: Network Logs 2 Timestamp src-IP.port > des-IP.port: flag sequence_numbers (buffer) ack ack’s_sequence_number win win’s_buffer_length Op 10:35:41.584516 13 .0.256.256. 2845 > 2 .0.256.256. 25 : P 512 : 1024 (512) ack 58136195 win 9172 (DF) Time stamp : hr*3600+min*60+sec Please refer to the following link for more details and practice how the SYN flooding and port scanning attacks can be identified: 3 Analysis Target: SYN Flooding Attack Network Send SYN seq=x Receive SYN segment Send SYN seq=y , ACK x+1 Receive SYN + ACK segment Send ACK y+1 Receive ACK segment initiator responder Half-open connections by Analysis Target: Network Scanning ! Intruders use different parameters to build knowledge about a targeted network ! Information Gathering : 1. Find which systems are alive? 2. Find what services are running? 3. Identify the version of services running? 4. Identify which Operating System is running on the target machine? ! The process of identifying “live” hosts and devices within the addresses targeted ! Can be accomplished in phases using a variety of ICMP, TCP and UDP packets ! Bombard the potential addresses with ICMP packets ! Send a limited number of TCP packets to all ! Send a very limited number
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 08/30/2009 for the course CSE 494 taught by Professor Rao during the Spring '08 term at ASU.

Page1 / 9

Note-15 - CSE 494/598 Forensic Computing: Computer and...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online