Consider the following three possible events that may be highlighted on SOC dashboards:
a) A significant and unusual increase in the number of ARP responses on an internal network link.
b) A significant and unusual increase in the number of TCP half-open connections from different IP addresses on the organisation’s web server.
c) A significant and unusual increase in the number of failed logins to intranet services, but no associated increase in the number of user accounts that have been automatically locked.
Based on the above events, complete the following tasks:
i. Identify a security attack that may cause the above symptoms and describe how it works.
ii. Explain why the above symptoms would be observed for your identified attack.