SANS ISC: Packet Analysis Challenge SANS ISC InfoSec Forums

Packet Analysis Challenge
Yes, it's packet time. Here are some packets that I would like to throw out there to see what folks are able to come up with. You will need your favorite tool to read the file as it is a raw packet capture. This is exactly what we were initially given to work with, including the source and destination IPs being obfuscated. I will give you a couple of clues from later captures we received that will help clarify, but you don't really need them. The source IP does change but the destination IP does not. The destination IP is a primary DNS server. Everything that you need is contained in these packets. You should be able to come up with a general idea of what is going on. Is this an attack, scan or normal network traffic? Please explain briefly how you came to your conclusions. If you want to try this, but don't want to be mentioned in the future diary writeup with the solution, please let me know. I'll post the answer in a few days and explain how we came to our conclusions and how it was verified with a later capture. Have fun!!!
Lorna

ISC Handler