

I installed Ubuntu Server 18.04 LTS on Oracle VirtualBox.

I entered the sudo apt install snort* command and it brought up the page to manually configure Snort.

I set my settings to automatic DHCP. Before this I had manually entered the IP address 10.0.2.11 and my Ubuntu Server's gateway and still had no luck, even after I put in the IP address of my server and the gateway on the bottom, 10.0.2.2. I was still having difficulties after that because I kept attempting to connect via SSH from my Ubuntu client to the Ubuntu server. However, I had a connection to the internet on my VMs, but it could be due to the router at my house not connecting me due to NAT forwarding.

The first thing I did was type in the command arp -a to view my ARP cache data. It returned output with my default gateway along with my MAC address and my network interface, which is eth0.

The next thing I did was put in the arp-scan -h command, and it pulled up all the flags that I can utilize depending on the information that I am looking to gather.

Even though this is the exact information I was collecting with an ARP scan in the terminal, this is a passive scan, which makes it basically undiscoverable, because this is a different method of doing this to get more ARP traffic on the network.

Case: Lately, employees have been having some issues logging in to one of our WordPress websites and we can't figure out why. Our security analyst suspects that we might have been hit by a cyber attack, but is currently indisposed and can't look into it. I need you to take a look and confirm whether or not we were actually hit and if so, what the impact of that attack might have been.

I logged in and ran cd /var/log/mysql/, then ls to see the file in the directory, saw the mysql.log file and opened it.

I was able to get into the database, and basically what occurred is that the users weren't able to proceed to log in because all the accounts were removed from the database. To get into this database I got into the nano text editor and saw all the log information.

Here on my database Windows virtual machine I was able to type the 172.16.20.4 IP into Firefox. Then I had to write up some incident response notes, along with which system was hit and the users that were attacked. That's about it!
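
An added example, not part of the original write-up: one way to confirm the account removal from mysql.log is to scan it for statements that delete from the WordPress user tables and tie each one to the account that opened the session. It assumes the MySQL 5.7+ general query log layout and the default WordPress table names wp_users and wp_usermeta; the sample log lines, account names and address are constructed.

```python
import re

# Assumed layout (MySQL 5.7+ general query log):
#   <ISO timestamp>Z <thread id> <Command>\t<argument>
ENTRY = re.compile(r"^(\S+Z)\s+(\d+)\s+(Connect|Query|Quit)\s*(.*)$")
# Statements that remove rows or whole tables, with an optional "db." prefix.
DESTRUCTIVE = re.compile(
    r"^\s*(?:DELETE\s+FROM|TRUNCATE(?:\s+TABLE)?|DROP\s+TABLE(?:\s+IF\s+EXISTS)?)"
    r"\s+(?:`?\w+`?\.)?`?(?P<table>\w+)`?", re.I)

# Constructed sample log, not taken from the lab machine.
SAMPLE_LOG = (
    "2019-03-02T14:01:07.100000Z\t    7 Connect\twp_app@localhost on wordpress using Socket\n"
    "2019-03-02T14:01:07.200000Z\t    7 Query\tSELECT * FROM wp_users WHERE user_login = 'alice'\n"
    "2019-03-02T14:03:40.000000Z\t    9 Connect\troot@192.0.2.10 on wordpress using TCP/IP\n"
    "2019-03-02T14:03:52.500000Z\t    9 Query\tDELETE FROM wp_users\n"
    "2019-03-02T14:03:53.100000Z\t    9 Query\tdelete from wordpress.wp_usermeta where user_id > 0\n"
    "2019-03-02T14:04:01.000000Z\t    7 Query\tDELETE FROM wp_options WHERE option_name = 'x'\n"
    "2019-03-02T14:04:10.000000Z\t    9 Quit\t\n"
)

def find_account_removals(log_text, tables=("wp_users", "wp_usermeta")):
    """Return destructive statements against the user tables, with session owner."""
    sessions = {}   # thread id -> "user@host" taken from that thread's Connect line
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # file header or continuation of a multi-line statement
        ts, tid, cmd, arg = m.groups()
        if cmd == "Connect":
            sessions[tid] = arg.split(" on ")[0]
        elif cmd == "Query":
            d = DESTRUCTIVE.match(arg)
            if d and d.group("table").lower() in tables:
                findings.append({
                    "time": ts,
                    "thread": int(tid),
                    "account": sessions.get(tid, "unknown"),
                    "table": d.group("table").lower(),
                    "statement": arg.strip(),
                })
    return findings

if __name__ == "__main__":
    for f in find_account_removals(SAMPLE_LOG):
        print(f["time"], f["account"], f["statement"])
```

The timestamp, account and statement of each hit are the details that go into the incident response notes.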
