After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?
1. mkdir -p /etc/X11/applnk/Internet/.etc
2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
5. passwd nobody -d
6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
7. passwd dns -d
8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
9. touch -acmr /etc/X11/applnk/Internet/.etc /etc
Assuming the defaults were used, how can you detect these sniffing interfaces?
During the intelligence-gathering phase of a penetration test, you discover a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network-based IDS systems.
While researching that particular brand of IDS, you notice that its default installation performs sniffing and attack analysis on one NIC and is managed and sends reports via another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?
Which of the following lists the best options?
Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?
This is an authentication method which is used to prove that a party knows a password without transmitting the password in any recoverable form over a network. This authentication is secure because the password is never transmitted over the network, even in hashed form; only a random number and an encrypted random number are sent.
What tool could Harold use to centrally manage any changes on his servers?
Harold has just been hired on as the senior network administrator for the University of Central Michigan. He essentially is in charge of 200 servers and about 10,000 client computers. Because of the immense network size of the university, Harold wants to centrally manage the network as much as possible.
Harold supervises 10 server administrators, 4 Exchange administrators, and 20 help desk technicians. Because of the separated job duties, Harold wants to ensure that nothing is changed on the network without his knowledge and consent. His main concern is the 200 servers his subordinates take care of.
Harold wants to be alerted whenever critical files, folders, shares, etc. are changed on any of the servers, and he wants all this information available to him from one management console, not a console on each individual server. What tool could Harold use to centrally manage any changes on his servers?
What can you infer from this information?
A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?
_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.
From the following options choose how best you can achieve this objective?
While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrongdoing. However, you are concerned about affecting the normal functionality of the email server. From the following options, choose how best you can achieve this objective.
What would be the next logical step that you should perform?
You are performing a port scan on a subnet that has the ICMP protocol blocked. You discover 23 live systems and, after doing a port scan on each of them, you notice that they all show port 21 in a closed state. What would be the next logical step that you should perform?
Why would an attacker try to create a null session with a computer on a network?
Maurine is working as a security consultant for Hinklemeir Associates. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network.
Why would an attacker try to create a null session with a computer on a network?