In this problem, a pcap file is given and we are asked to find the target hosts of the DDoS.
After listing all IPs sorted by packet count and tracing them one by one, we can find the most suspicious flows.
The first attack targets 109.123.118.42, which receives a large number of GET requests.
The second targets 111.221.70.11 with a SYN flood.
The third targets 199.7.48.190, which receives many re-sent SYNs with sequence number 0.
The last one sends a large number of abnormal HTTP packets to 66.150.14.48.
Combining these four addresses, the key is none_111.221.70.11_109.123.118.42_199.7.48.190_66.150.14.48
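The triage procedure described above (rank destination IPs by packet count, then inspect the top ones for a SYN flood, SYN resends with sequence number 0, a GET flood, and malformed HTTP), as an added stdlib-only Python example that is not part of the original writeup. The pcap is constructed in memory with sample traffic; the verdict thresholds and the use of the writeup's four addresses as sample destinations are assumptions made for the example.

```python
"""Added example (not part of the writeup): rank destination IPs in a pcap and
profile the top ones for the DDoS patterns the writeup describes.  Stdlib only;
the pcap is constructed in memory with sample (not real) traffic."""
import re
import struct
from collections import Counter
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4
SYN, ACK, PSH = 0x02, 0x10, 0x08
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n")


def build_frame(src, dst, dport, flags, seq, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left as 0."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0,
                     0x4000, 64, 6, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a little-endian pcap file (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def read_pcap(data):
    """Yield raw frames from pcap bytes, honouring the file's byte order."""
    end = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        yield data[pos:pos + incl_len]
        pos += incl_len


def parse_tcp(frame):
    """Return a dict for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None
    _sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return {"src": str(IPv4Address(frame[26:30])), "dst": str(IPv4Address(frame[30:34])),
            "dport": dport, "flags": off_flags & 0x1FF, "seq": seq,
            "payload": tcp[(off_flags >> 12) * 4:]}


def profile(pkts, dst):
    """Per-destination counters behind each verdict."""
    sel = [p for p in pkts if p["dst"] == dst]
    syn = [p for p in sel if p["flags"] & SYN and not p["flags"] & ACK]
    http = [p for p in sel if p["dport"] == 80 and p["payload"]]
    return {
        "packets": len(sel),
        "sources": len({p["src"] for p in sel}),
        "syn": len(syn),
        "syn_seq0": sum(p["seq"] == 0 for p in syn),
        "http_get": sum(p["payload"].startswith(b"GET ") for p in http),
        "http_malformed": sum(not HTTP_REQUEST_LINE.match(p["payload"]) for p in http),
    }


def verdict(pr):
    """Thresholds are an assumption for this example, not a standard."""
    n = pr["packets"]
    if pr["syn"] / n > 0.8:
        return "SYN flood (seq=0 resends)" if pr["syn_seq0"] / pr["syn"] > 0.9 else "SYN flood"
    if pr["http_get"] / n > 0.8:
        return "HTTP GET flood"
    if pr["http_malformed"] / n > 0.5:
        return "malformed HTTP flood"
    return "unremarkable"


def triage(pcap_bytes, top_n=5):
    """Top destinations by packet count, each with its verdict."""
    pkts = [p for p in map(parse_tcp, read_pcap(pcap_bytes)) if p]
    ranked = Counter(p["dst"] for p in pkts).most_common(top_n)
    return [(dst, n, verdict(profile(pkts, dst))) for dst, n in ranked]


def sample_pcap():
    """Constructed traffic toward the four addresses the writeup names (sample data)."""
    get = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"
    frames = [build_frame(f"203.0.113.{i}", "109.123.118.42", 80, ACK | PSH, 1000 + i, get)
              for i in range(1, 31)]
    frames += [build_frame(f"198.51.100.{i}", "111.221.70.11", 80, SYN, i * 7919 + 1)
               for i in range(1, 41)]
    frames += [build_frame(f"198.51.100.{50 + i % 5}", "199.7.48.190", 80, SYN, 0)
               for i in range(25)]
    frames += [build_frame(f"203.0.113.{100 + i}", "66.150.14.48", 80, ACK | PSH, 5,
                           b"\xde\xad" * 8 + b"GET") for i in range(20)]
    frames += [build_frame("192.0.2.10", "192.0.2.20", 443, ACK, 77) for _ in range(5)]
    return build_pcap(frames)


if __name__ == "__main__":
    for dst, n, v in triage(sample_pcap()):
        print(f"{dst:>16} {n:5d} pkts  {v}")
```

Replace `sample_pcap()` with the bytes of a real capture file to run the same ranking and profiling against it; the per-destination counters from `profile()` are what you would then confirm by hand in Wireshark before committing to a key.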