Computer Networks Assignment Writing | IN2011 Computer Networks: Coursework 1

This assignment simulates a network attack.
February 13, 2020
1 Fictional Back Story
One of the company test servers has been hacked! Fortunately your networking
team was recording the traffic going to and from the server while diagnosing an
unrelated fault. You have a complete log of the attack! The CEO has asked
you to use your knowledge of networking to answer four key questions:
1. How did the attacker find the vulnerability?
2. How did they exploit the vulnerability to gain access?
3. What did they do once they had access?
4. What could be done to stop this happening again?
2 Tasks
• Download the file attack.pcap from Moodle and open it in Wireshark
(either in the virtual machine image or on your own computer).
• Using your knowledge of network protocols and the features of Wireshark,
work out what has happened.
• Write a short report (4 pages max!) which answers the four questions given
above.
• Every claim or observation you make must be linked to one or more packets
or parts of packets in the pcap file. Use the packet number (on the far left
of the main display) to identify packets.
3 Deadline
Week 9, 22/03/2020, 17:00
4 Mark Scheme
This is individual coursework. Each of the four questions is worth 10% of the
course mark and will be marked out of 10 according to the following criteria:
Correctness Are the technical claims you are making correct?
Completely → 3, mostly right → 2, mostly wrong → 1, completely wrong
→ 0
Completeness Have you identified all of the relevant information?
Everything → 4, most → 3, some → 2, one or two things → 1, nothing →
0.
Referencing Are all claims supported by references to packets or parts of
packets?
Everything referenced → 2, some references → 1, few references → 0.
Narrative Can you explain why the attacker did what they did? → 1
5 Hints
• Filters are very important for narrowing down what you are looking for
and hiding things that you have already understood.
• To fully understand what is happening you will need information from
several protocol layers. As the course is covering these in order, not all
of the relevant information has been taught before the coursework is set.
If things don’t immediately make sense, don’t panic and pay attention to
future lectures and reading.
• The practicals contain some relevant exercises to get you started with
Wireshark.
• All of the tools needed to generate the attack file are on the virtual machine
image so it should be possible to test out different ideas and see what
packets they generate.
• Don’t just look at the protocol information; the pattern and amount of
data exchanged may be useful, especially if some of the packets are encrypted.
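
The last hint, illustrated with an added example (not part of the coursework brief): Python code that totals TCP payload bytes per direction of each conversation and records the first and last packet numbers, so an observation about traffic volume can be cited by packet number as the Tasks section asks. The capture is constructed inline and is not attack.pcap; the function names, addresses and ports are assumptions, and only classic-format Ethernet pcap files are handled.

```python
import struct
from ipaddress import IPv4Address

def flow_summary(pcap: bytes) -> dict:
    """Per-direction TCP payload totals keyed by (src, sport, dst, dport)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    flows, off, number = {}, 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        number += 1                            # Wireshark numbers packets from 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
        tcp = 14 + ihl                         # offset of the TCP header
        if len(frame) < tcp + 20:
            continue                           # truncated TCP header
        total_len = struct.unpack("!H", frame[16:18])[0]
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        data_off = (frame[tcp + 12] >> 4) * 4  # TCP header length in bytes
        key = (str(IPv4Address(frame[26:30])), sport, str(IPv4Address(frame[30:34])), dport)
        f = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": number})
        f["packets"] += 1
        f["bytes"] += max(total_len - ihl - data_off, 0)
        f["last"] = number
    return flows

def _frame(src, dst, sport, dport, payload):
    """One constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def sample_pcap() -> bytes:
    """Constructed capture (documentation addresses), not the coursework file."""
    a, b = "192.0.2.10", "198.51.100.5"
    frames = [b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28,  # ARP
              _frame(a, b, 40000, 443, b"x" * 100), _frame(b, a, 443, 40000, b"y" * 1400),
              _frame(b, a, 443, 40000, b"y" * 1400), _frame(a, b, 40000, 443, b"x" * 36)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for fr in frames:
        out += struct.pack("<IIII", 0, 0, len(fr), len(fr)) + fr
    return out
```

The ARP frame in the sample is skipped by the summary but still counted, so the reported packet numbers line up with the leftmost column in Wireshark.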