Computer Science
Project:
The Intrusion Detection Admin
IDS Analysis
Introduction
You have been provided a set of 10 packet captures. Each one contains a malicious payload, a scan, or another anomaly that you must detect. You may choose to do this in any way you see fit, but you must determine what is happening in the capture or what is being attempted.
The captures are as follows:
• MD5 (capture-01.pcap) = 19099955e62b445d0574c73bb78edcb0
• MD5 (capture-02.pcap) = 3970f783b57768e09f38476eb3068cc2
• MD5 (capture-03.pcap) = 0944977919541d4ee176450b7ce36f9d
• MD5 (capture-04.pcap) = eca68ff64a4a71f58ad21a92fd33eeb5
• MD5 (capture-05.pcap) = 554d08e7659a6dde3a53e399947e05b7
• MD5 (capture-06.pcap) = 790daf9e120a209ea26e3fce9dc7a03d
• MD5 (capture-07.pcap) = 74aecda826bc90606a4293b426b70017
• MD5 (capture-08.pcap) = 10828ee58a4000050ef7d9ed0fd9bcee
• MD5 (capture-09.pcap) = b977ac737d25ada37c263b1830f15f14
• MD5 (capture-10.pcap) = d517c40b429a960d508954e2d32544dc
Your analysis must include the details of how you arrived at your conclusion. This may include packet IDs and payload analysis (via Wireshark), or it may include specific signatures that fired as a result of doing analysis across these captures (via Snort), or it may have triggered your computer’s antivirus software (also a valid analysis). Note: some of these are very easy (scans and such), others are much more sinister and specific attacks. You may find the answers in the following ways:
1. It may trip your virus/malware detection software
2. You can use packet analysis with tcpdump/Wireshark to determine ports and payloads
3. You can enlist the use of an intrusion detection tool (like Snort) to detect based on signatures
4. Be even more creative by searching the web and doing research
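As an added example (not part of the assignment brief), a small Python triage script that covers the first two steps a practitioner takes: it checks a capture's bytes against the MD5 list above before anything is opened for analysis, then walks the pcap with a minimal pure-Python parser and flags any source that touches many distinct TCP ports, the footprint of the "easy" scans the brief mentions. The parser handles only classic Ethernet pcaps; the sample capture, the addresses, and the threshold of 20 ports are constructed here and are not one of the ten real captures.

```python
import hashlib
import socket
import struct
from collections import defaultdict

# Checksums copied from the brief; add the remaining seven captures the same way.
EXPECTED_MD5 = {
    "capture-01.pcap": "19099955e62b445d0574c73bb78edcb0",
    "capture-02.pcap": "3970f783b57768e09f38476eb3068cc2",
    "capture-03.pcap": "0944977919541d4ee176450b7ce36f9d",
}

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()
def verify_capture(name: str, data: bytes) -> bool:
    """True only if the bytes match the brief's MD5; skip analysis of anything that fails."""
    return md5_hex(data) == EXPECTED_MD5.get(name)
def tcp_packets(pcap: bytes):
    """Yield (src_ip, dst_port) for each IPv4/TCP frame in a classic Ethernet pcap."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"    # magic number gives byte order
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:        # linktype 1 = Ethernet
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "IIII", pcap[off:off + 16])[2]   # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                         # not IPv4, or not TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]            # skip Ethernet + IP header (IHL)
        if len(tcp) >= 4:
            yield socket.inet_ntoa(frame[26:30]), struct.unpack("!H", tcp[2:4])[0]
def scan_suspects(pcap: bytes, threshold: int = 20) -> dict:
    """Sources hitting >= threshold distinct TCP ports: the classic port-scan footprint."""
    ports = defaultdict(set)
    for src, dport in tcp_packets(pcap):
        ports[src].add(dport)
    return {src: len(p) for src, p in ports.items() if len(p) >= threshold}

# Constructed sample so the triage runs offline; it is not one of the ten real captures.
def syn_frame(src: str, dst: str, dport: int) -> bytes:
    eth = b"\x00" * 12 + b"\x08\x00"                         # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
def build_pcap(frames) -> bytes:
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # little-endian, Ethernet
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
SAMPLE = build_pcap([syn_frame("10.0.0.5", "192.168.1.10", p) for p in range(1, 26)]
                    + [syn_frame("10.0.0.6", "192.168.1.10", 443)])
```

Run `scan_suspects(SAMPLE)` to see the scanning host reported with its port count; against the real captures, read each file's bytes, call `verify_capture` first, and record the packet numbers behind any flagged source in your write-up.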
WARNING
Please be sure that your antivirus software is up to date BEFORE you begin doing your analysis! There is a risk of infection if you do not follow this guideline. Free antivirus is available online.
Grading is as follows:
• 40pts - for successfully identifying each packet capture and backing up your analysis appropriately
• TOTAL - 200pts
You must submit a file named as follows: LASTNAME.xxx (where LASTNAME is replaced with your last name, and xxx is the extension of the application used to write your paper).