26.1.7 Lab Snort and Firewall Rules - PanamaP/KEST3CO05DU GitHub Wiki

The R1 shell opens in a terminal window with black text and white background. What user is logged into that shell? What is the indicator of this?

The root user; you can tell from the # sign in the prompt.

What port is used when communicating with the malware web server? What is the indicator?

Port 6666

Was the file completely downloaded?

Did the IDS generate any alerts related to the file download?

Based on the alert shown above, what was the source and destination IPv4 addresses used in the transaction?

Source 209.165.200.235 Destination 209.165.202.133

Based on the alert shown above, what was the source and destination ports used in the transaction?

Source port 34484, Destination port 6666

Based on the alert shown above, when did the download take place?

At the same time I did it.

Based on the alert shown above, what was the message recorded by the IDS signature?

"Malicious Server Hit!"

How can this PCAP file be useful to the security analyst?

Very useful for retracing the packets on the network.

What chains are currently in use by R1?

INPUT, OUTPUT and FORWARD

Was the download successful this time? Explain.

No, the firewall blocked it.

What would be a more aggressive but also valid approach when blocking the offending server?

Just block the server.
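The alert questions above (source and destination addresses, ports, time and message) and the firewall questions (which chain, how narrow or aggressive a block) are the same steps an analyst automates. The example below is added here and is not part of the lab or of this wiki: it parses Snort "fast" alert lines into their fields and turns a chosen alert into the iptables command that would block the server it points at, either only on the malware port or for the whole IP. The alert lines are constructed; the addresses, ports and message are the ones recorded above, while the dates, times and signature ids (gid:sid:rev) are placeholders. The use of the FORWARD chain (R1 routing traffic for the hosts behind it) is an assumption, and the commands are returned as strings, not executed.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample alerts in Snort "fast" alert format. Addresses, ports and
# the message match the lab notes above; date, time and gid:sid:rev are
# placeholders, not values taken from the lab.
SAMPLE_ALERTS = """\
01/01-12:00:00.000000  [**] [1:9999999:0] Malicious Server Hit! [**] [Priority: 0] {TCP} 209.165.200.235:34484 -> 209.165.202.133:6666
01/01-12:00:05.000000  [**] [1:9999998:0] Unrelated test alert [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.5:5353 -> 224.0.0.251:5353
"""

# One fast-format alert line: timestamp, [**] [gid:sid:rev] msg [**],
# optional Classification and Priority, {proto}, then src:port -> dst:port.
ALERT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2})-(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9a-fA-F.:]+):(?P<sport>\d+)\s+->\s+(?P<dst>[0-9a-fA-F.:]+):(?P<dport>\d+)\s*$"
)


@dataclass
class Alert:
    timestamp: str
    sid: int
    msg: str
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_alerts(text: str) -> list[Alert]:
    """Parse every fast-format alert line in text; other lines are skipped."""
    alerts: list[Alert] = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # not an alert line (blank line, banner, etc.)
        alerts.append(
            Alert(
                timestamp=f"{m['date']}-{m['time']}",
                sid=int(m["sid"]),
                msg=m["msg"],
                proto=m["proto"],
                src_ip=m["src"],
                src_port=int(m["sport"]),
                dst_ip=m["dst"],
                dst_port=int(m["dport"]),
            )
        )
    return alerts


def block_rules(alert: Alert, aggressive: bool = False) -> list[str]:
    """Build (but do not run) iptables commands that drop traffic to the server
    an alert points at. The narrow form matches only the malware port; the
    aggressive form drops everything destined to that IP. FORWARD is assumed
    to be the chain R1 uses for traffic it routes on behalf of inner hosts."""
    if aggressive:
        return [f"iptables -I FORWARD -d {alert.dst_ip} -j DROP"]
    return [
        f"iptables -I FORWARD -p {alert.proto.lower()} -d {alert.dst_ip} "
        f"--dport {alert.dst_port} -j DROP"
    ]


if __name__ == "__main__":
    for a in parse_alerts(SAMPLE_ALERTS):
        print(f"{a.timestamp}  {a.msg!r}  {a.src_ip}:{a.src_port} -> {a.dst_ip}:{a.dst_port}")
        for rule in block_rules(a) + block_rules(a, aggressive=True):
            print("   ", rule)
```

Run as a script it lists each alert with the narrow and the aggressive rule side by side; in practice an analyst would read the real `/var/log/snort/alert` file and review the generated commands before applying any of them.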