The following is an email header. What address is that of the true originator of the message?

Return-Path:
Received: from smtp.com (fw.emumail.com [215.52.220.122]) by raq-221-181.ev1.net (8.10.2/8.10.2) with ESMTP id h78NIn404807 for; Sat, 9 Aug 2003 18:18:50 -0500
Received: (qmail 12685 invoked from network); 8 Aug 2003 23:25:25 -0000
Received: from ([19.25.19.10]) by smtp.com with SMTP
Received: from unknown (HELO CHRISLAPTOP) by localhost with SMTP; 8 Aug 2003 23:25:01 -0000
From: 'Bill Gates'
To: 'mikeg'
Subject: We need your help!
Date: Fri, 8 Aug 2003 19:12:28 -0400
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary='----=_NextPart_000_0052_01C35DE1.03202950'
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal

A. 19.25.19.10
B. 51.32.123.21
C. 168.150.84.123
D. 215.52.220.122
E.

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device 'firewall' will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets and no response will be returned.

NetWare: Detailed Information

NetWare is a sophisticated, 32-bit network operating system (NOS) that supports Windows, UNIX, OS/2, Mac OS, IBM SAA, and DOS environments.

You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this?

Answer: D

Explanation: The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby infecting the browsing system.

The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders the ability to execute arbitrary commands within the Local System security context on machines running the unpatched versions of IIS.

Jason's Web server was attacked by a trojan virus. He runs a protocol analyzer and notices that the Trojan communicates with a remote server on the Internet. Shown below is the standard 'hexdump' representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping it to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?

A. Port 1890 (Net-Devil Trojan)
B. Port 1786 (Net-Devil Trojan)
C. Port 1909 (Net-Devil Trojan)
D. Port 6667 (Net-Devil Trojan)

ETHER: Destination address: 0000BA5EBA11
ETHER: Source address: 00A0C9B05EBD
ETHER: Frame Length: 1514 (0x05EA)
ETHER: Ethernet Type: 0x0800 (IP)
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 1500 (0x5DC)
IP: Identification = 7652 (0x1DE4)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 127 (0x7F)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xC26D
IP: Source Address = 10.0.0.2
IP: Destination Address = 10.0.1.201
TCP: Source Port = Hypertext Transfer Protocol
TCP: Destination Port = 0x1A0B
TCP: Sequence Number = 97517760 (0x5D000C0)
TCP: Acknowledgement Number = 78544373 (0x4AE7DF5)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x10 : .A....
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 28793 (0x7079)
TCP: Checksum = 0x8F27
TCP: Urgent Pointer = 0 (0x0)

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?

A. Create a SYN flood
B. Create a network tunnel
C. Create multiple false positives
D. Create a ping flood

You have discovered that an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. What can you do to solve this problem?