2015-02-15 - TRAFFIC ANALYSIS EXERCISE

PCAP:

NOTE: ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.


FIRST DECISION POINT - YOU GET SNORT ALERTS FROM THAT IP ADDRESS

Here are the associated events for the malicious traffic:


SECOND DECISION POINT

1)  Looking through those IDS events confirmed everything!  Time to initiate established procedures and let your UK location handle this situation.


2)  Still not 100 percent satisfied, are you?  People at your UK location find the computer (a Dell desktop) and perform some forensics.  They send you a ZIP archive of some suspicious files they found on the computer.

