commonwealth bank network design 1. Rainbow table attacks are a type of attack that attempts to discover

commonwealth bank network design

Transcribed Image Text:

1. Rainbow table attacks are a type of attack that attempts to discover the password from the hash. However, they use rainbow tables, which are huge databases of precomputed hashes. It helps to look at the process of how some password crackers discover passwords without a rainbow table. Assume that an attacker has the hash of a password. What are the steps to crack a password using a rainbow table attack? 2. Identify the following in a server log as shown in Figure 3. a: Account received b: IP address from which they were sent. c: Time and date (beware of clock drift) c: IP addresses of the receiver Dec 31 18:26:15 endor sendmail(30597): k0120V1i030597: from=evil@evil.com, size=147, class=0, nrcpts=1, proto-SMTP, daemon=MTA, relay=c- msgid= <200601010225.k0120V1i030597@endor.engr.scu.edu>, 24-12-227-211.hsd1.il.comcast.net (24.12.227.211) Dec 31 18:26:15 endor spamd (28512): spamd: connection from localhost (127.0.0.1) at port 42865 Dec 31 18:26:15 endor spamd (28512): spamd: setuid to tschwarz succeeded Dec 31 18:26:15 endor spamd (28512): spamd: processing message <200601010225.k0120V1i030597@endor.engr.scu.edu> for tschwarz:1875 Dec 31 18:26:15 endor spamd (28512): spamd: clean message (4.6/5.0) for tschwarz:1875 in 0.2 seconds, 525 bytes. Dec 31 18:26:15 endor spamd (28512): spamd: result: . 4 - MSGID_FROM_MTA_ID,RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL scantime=0.2,size=525,user=tschwarz,uid=1875, required_score=5.0,rhost-localhost, raddr=127.0.0.1,rpo rt=42865,mid= <200601010225.k0120V1i030597@endor.engr.scu.edu>,autolearn=no Dec 31 18:26:15 endor spamd (21352): prefork: child states: II Dec 31 18:26:15 endor sendmail(30726): k0120V1i030597: to-tschwarz@engr.scu.edu, delay=00:01:02, xdelay=00:00:00, mailer-local, pri=30464, dsn=2.0.0, stat=Sent Figure 3: Email Server Logs Your supervisor has asked you to research current acquisition tools. Using your preferred Internet search engine and the vendors, prepare a report containing the following information for each tool and stating which tool you would prefer to use: a: Computer forensics vendor name b: Acquisition tool name and latest version number C: Features of the vendor's product with this data collected prepare a spreadsheet listing vendor in the rows. For the column headings, list the following features: a. Raw format, Proprietary format, AFF format 1. Rainbow table attacks are a type of attack that attempts to discover the password from the hash. However, they use rainbow tables, which are huge databases of precomputed hashes. It helps to look at the process of how some password crackers discover passwords without a rainbow table. Assume that an attacker has the hash of a password. What are the steps to crack a password using a rainbow table attack? 2. Identify the following in a server log as shown in Figure 3. a: Account received b: IP address from which they were sent. c: Time and date (beware of clock drift) c: IP addresses of the receiver Dec 31 18:26:15 endor sendmail(30597): k0120V1i030597: from=evil@evil.com, size=147, class=0, nrcpts=1, proto-SMTP, daemon=MTA, relay=c- msgid= <200601010225.k0120V1i030597@endor.engr.scu.edu>, 24-12-227-211.hsd1.il.comcast.net (24.12.227.211) Dec 31 18:26:15 endor spamd (28512): spamd: connection from localhost (127.0.0.1) at port 42865 Dec 31 18:26:15 endor spamd (28512): spamd: setuid to tschwarz succeeded Dec 31 18:26:15 endor spamd (28512): spamd: processing message <200601010225.k0120V1i030597@endor.engr.scu.edu> for tschwarz:1875 Dec 31 18:26:15 endor spamd (28512): spamd: clean message (4.6/5.0) for tschwarz:1875 in 0.2 seconds, 525 bytes. Dec 31 18:26:15 endor spamd (28512): spamd: result: . 4 - MSGID_FROM_MTA_ID,RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL scantime=0.2,size=525,user=tschwarz,uid=1875, required_score=5.0,rhost-localhost, raddr=127.0.0.1,rpo rt=42865,mid= <200601010225.k0120V1i030597@endor.engr.scu.edu>,autolearn=no Dec 31 18:26:15 endor spamd (21352): prefork: child states: II Dec 31 18:26:15 endor sendmail(30726): k0120V1i030597: to-tschwarz@engr.scu.edu, delay=00:01:02, xdelay=00:00:00, mailer-local, pri=30464, dsn=2.0.0, stat=Sent Figure 3: Email Server Logs Your supervisor has asked you to research current acquisition tools. Using your preferred Internet search engine and the vendors, prepare a report containing the following information for each tool and stating which tool you would prefer to use: a: Computer forensics vendor name b: Acquisition tool name and latest version number C: Features of the vendor's product with this data collected prepare a spreadsheet listing vendor in the rows. For the column headings, list the following features: a. Raw format, Proprietary format, AFF format

Answer rating: 100% (QA)

SOLUTION 1 Rainbow Table Attack To crack a password using a rainbow table attack the attacker would need to have the hash of the password The steps to ... View the full answer