The application of open source intelligence
The application of open source intelligence (OSINT) is essential in gathering information about the attack that the China Chopper web shell enabled against the organization's network. Skilled attackers abuse vulnerable PCs and other electronic devices; their methods include hacking, malware, and denial-of-service assaults. The use of China Chopper against the organization's network prompted an analysis to identify the attack and apply countermeasures. The port number identifies the network service the attacker used to reach the target. From information collected in public sources, the port identified in this attack is the Hypertext Transfer Protocol (HTTP) port, which runs over the Transmission Control Protocol (TCP) on port 80. Though China Chopper attacks were first recorded about eight years ago, the web shell is still in use. It operates in two parts: the attacker's client interface and the payload file placed on the compromised web server.
China Chopper originated in China and is used mainly by Chinese threat actors to attack web servers; it was first observed in 2012, and its client is only about 4 kilobytes in size. Though the web shell is small, its impact is significant. In terms of components it is classified as a simple backdoor: it consists of a command-and-control client and a text-based web shell payload on the server. The payload is so short that an attacker can type it by hand on the targeted server, since no file needs to be transferred. The client was previously distributed from www.maicaidao.com. HTTP is the dominant protocol on the internet: web pages are loaded by following hyperlinks, and the same protocol is abused to perform DoS attacks, distributed denial-of-service (DDoS) attacks, and other layer 7 attacks. DDoS attacks use compromised computer systems as the sources of attack traffic.
The machines used in such attacks are infected with malware that lets the attacker control them remotely. The primary sign of a DDoS attack is a site becoming slow or unavailable, but since other causes produce the same symptom, for example a legitimate spike in traffic, further investigation is required. Traffic analytics tools are important for confirming the source. The signs include: a large volume of suspicious traffic originating from a single IP address or IP range; traffic from many users who share one behavioural profile, such as the same device type or browser; an increased number of requests to a single page or endpoint; odd traffic patterns, such as spikes at odd hours of the day or at unnatural intervals; and other signs that vary with the type of attack. To fully comprehend which type of attack was used, an analysis of how the network connections were made is carried out.
Every HTTP response carries a three-digit status code, grouped into five classes: 1xx informational, 2xx success, 3xx redirection, 4xx client error, and 5xx server error. The server returns these codes in response to the client's request. An informational (1xx) response indicates that the request has been received and understood; it is issued while processing continues on the server. Breaking down the 1xx codes:
100 Continue: the server has received the request headers, and the client should proceed to send the request body if it has one. To use this, the client sends an "Expect: 100-continue" header and waits for a "100 Continue" response before sending the body. If an error code such as 403 (Forbidden) or 405 (Method Not Allowed) is received instead, the client must not send the request body.
101 Switching Protocols: the client has asked the server to switch protocols (for example, to WebSocket via the Upgrade header), and the server has agreed to do so.
102 Processing (WebDAV; RFC 2518): a WebDAV request may contain many sub-requests involving file operations and can take a long time to complete. This code indicates that the server has received and is processing the request, but no response is available yet. It prevents the client from timing out and assuming the request was lost.
103 Early Hints (RFC 8297): used to return some response headers (typically Link headers for preloading) before the final HTTP message.
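The practical consequence of the 1xx class is that a client may receive several interim responses (103, 100, 102) on one connection before the final response, and that 101 is the one 1xx code after which the byte stream is no longer HTTP. The parser below, an added example that is not part of the original report, handles both cases; the response bytes it is fed are constructed for the demonstration.

```python
"""1xx-aware HTTP/1.1 response parser. Added example (not from the report);
the sample byte strings at the bottom are constructed."""
import re

STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3})(?: (.*))?$")

CLASSES = {1: "informational", 2: "success", 3: "redirection",
           4: "client error", 5: "server error"}


def status_class(status: int) -> str:
    """Map a three-digit status code to its class (1xx .. 5xx)."""
    return CLASSES[status // 100]


def parse_head(buf: bytes):
    """Parse one status line plus its headers; return (status, headers, remaining bytes)."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response head")
    lines = head.split(b"\r\n")
    m = STATUS_LINE.match(lines[0])
    if not m:
        raise ValueError("bad status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower().decode("ascii"), []).append(
            value.strip().decode("latin-1"))
    return int(m.group(1)), headers, rest


def parse_response(buf: bytes) -> dict:
    """Consume zero or more interim 1xx responses, then the final response.

    RFC 7231 requires a client to be able to parse one or more 1xx responses
    before the final one. 101 is special: it is final, and every byte after its
    head belongs to the new protocol, so it is returned untouched as the body."""
    interim = []
    while True:
        status, headers, rest = parse_head(buf)
        if status == 101:
            return {"interim": interim, "status": 101, "headers": headers, "body": rest}
        if status_class(status) == "informational":
            interim.append((status, headers))
            buf = rest
            continue
        length = int(headers.get("content-length", ["0"])[0])
        if len(rest) < length:
            raise ValueError("truncated body")
        return {"interim": interim, "status": status, "headers": headers, "body": rest[:length]}


def may_send_body(first_status: int) -> bool:
    """Expect: 100-continue decision: only a 100 authorises sending the body;
    a 4xx/5xx (403, 405, 417, ...) means the client must not send it."""
    return first_status == 100


# Constructed sample streams.
SAMPLE_WITH_INTERIM = (
    b"HTTP/1.1 103 Early Hints\r\nLink: </style.css>; rel=preload; as=style\r\n\r\n"
    b"HTTP/1.1 100 Continue\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\n\r\nhello")
SAMPLE_UPGRADE = (
    b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n"
    b"\x81\x05hello")  # first WebSocket frame, no longer HTTP

if __name__ == "__main__":
    print(parse_response(SAMPLE_WITH_INTERIM))
    print(parse_response(SAMPLE_UPGRADE))
```

A client that stops at the first head it sees would treat the 103 as the whole response and never read the 200; a client that treats 101 like any other 1xx would try to parse WebSocket frames as an HTTP status line. Both mistakes are common in hand-rolled HTTP code.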
The Hypertext Transfer Protocol transfers files in the form of text, graphics, images, sound, video, and other multimedia. The port was specifically designed to transmit hypermedia documents in the form of HTML. HTTP is designed for communication between web servers and web browsers but is also used for other purposes, and the range of services it carries has grown with the internet. HTTP has dominated internet data traffic for some time now. The revenues of many businesses have increased through online selling platforms, and with increased usage comes increased exposure to attack. Attackers have used DDoS techniques against web servers for fun, for profit, or to make a point. The most common DDoS attacks launched against HTTP also target the transport layer, since HTTP runs over TCP, which exposes the web server to TCP attacks. Attackers continue to incorporate more vectors into their attacks.
The major HTTP attacks include the SYN flood, which sends many SYN packets to the server; it remains widely used because no return traffic is required, so most of the source addresses are spoofed. Garbage floods (random data sent to the HTTP port) are often overlooked in mitigation because the security devices protecting the server expect 'valid' HTTP traffic. The GET flood uses the most common HTTP request; each request is legitimate on its own, but at high volume the server is overloaded and cannot carry out its primary function. Reverse bandwidth floods try to saturate the server's internet link from behind, by requesting large responses. Low-and-slow attacks use even less bandwidth and fewer packets per second than the floods; they are hard to detect precisely because they generate very little traffic. Cache-bypassing attacks circumvent CDN caching (for example by varying the query string) so that every request reaches the origin server; sometimes the CDN itself is used to relay the attack.
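The signs listed earlier (one source, one page, odd hours) and the attack types above can be confirmed from ordinary access logs. The script below is an added example, not the organization's tooling or anything from the report: it parses a constructed log format, skips lines that are not valid HTTP (a garbage flood would produce many of these), and flags single-source floods, concentration on one path, off-hours volume, cache-busting query variation, and low-and-slow requests (minutes-long with almost nothing transferred). The thresholds are assumptions to be tuned per site.

```python
"""Access-log triage for DDoS signs. Added example, not from the report;
the log format and every line built in build_sample_log() are constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed format: ip [ISO timestamp] "METHOD target HTTP/x" status bytes_sent duration_ms
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<ms>\d+)$')


def build_sample_log():
    lines = []
    # 40 GETs for one page from one address at 03:xx, each with a fresh query string
    # (cache-busting: the CDN sees 40 different keys and forwards all of them to origin)
    for i in range(40):
        lines.append('203.0.113.5 [2020-11-03T03:12:%02d] "GET /checkout?cb=%d HTTP/1.1" 200 5120 40'
                     % (i, 1000 + i))
    # ordinary daytime traffic from several addresses
    for i in range(6):
        lines.append('198.51.100.%d [2020-11-03T14:05:%02d] "GET /products HTTP/1.1" 200 8200 35'
                     % (10 + i, i))
    # two low-and-slow POSTs: minutes-long requests that never finish sending
    lines.append('192.0.2.9 [2020-11-03T14:06:10] "POST /upload HTTP/1.1" 408 0 120000')
    lines.append('192.0.2.9 [2020-11-03T14:08:11] "POST /upload HTTP/1.1" 408 0 118000')
    # garbage flood: not an HTTP request line at all
    lines.append('203.0.113.77 [2020-11-03T03:13:00] "GARBAGE" 400 0 1')
    return lines


def analyze(lines, ip_threshold=20, path_share=0.5, night=range(0, 6),
            slow_ms=30_000, bust_min=10):
    recs = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:                      # unparseable lines are counted, not fatal
            recs.append(m.groupdict())
    total = len(recs)
    per_ip = Counter(r["ip"] for r in recs)
    per_path = Counter(r["target"].partition("?")[0] for r in recs)
    night_hits = sum(1 for r in recs if datetime.fromisoformat(r["ts"]).hour in night)
    variants = defaultdict(set)    # (ip, path) -> distinct query strings seen
    for r in recs:
        path, _, query = r["target"].partition("?")
        if query:
            variants[(r["ip"], path)].add(query)
    slow = Counter(r["ip"] for r in recs
                   if int(r["ms"]) >= slow_ms and int(r["bytes"]) < 100)
    return {
        "parsed": total,
        "skipped": len(lines) - total,
        "flood_ips": sorted(ip for ip, c in per_ip.items() if c >= ip_threshold),
        "hot_paths": sorted(p for p, c in per_path.items() if c / total >= path_share),
        "night_share": night_hits / total,
        "cache_busting": sorted((ip, p) for (ip, p), q in variants.items() if len(q) >= bust_min),
        "low_and_slow": dict(slow),
    }


if __name__ == "__main__":
    for key, value in analyze(build_sample_log()).items():
        print(key, value)
```

Each finding on its own is also consistent with legitimate traffic (a crawler, a product launch, a user on a bad link), which is why the text insists on investigation before declaring an attack; the value of the script is that it puts the candidate sources and paths in front of the analyst quickly.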
CVE-2020-9743: Adobe Experience Manager (AEM) versions 6.5.5.0, 6.4.8.1, 6.3.3.8 and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability. An unauthenticated attacker can craft an HTTP request whose parameter value contains arbitrary HTML code, which is then rendered by the content editor component. Exploitation requires the victim to be lured into performing an action.
CVE-2020-9519: the version motional are highly considered the \
CVE-2020-9490: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the Cache-Digest header in an HTTP/2 request causes a crash when the server later tries to HTTP/2 PUSH a resource. Configuring the HTTP/2 feature with "H2Push off" mitigates this vulnerability on unpatched servers.
CVE-2020-9470: an issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions and the exposure of active sessions, local users could view the contents of the session directory of the web administration panel. The exposed session cookies can be used to hijack the session of an admin user and execute Lua commands as root within the administration panel.
CVE-2020-9054: multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices perform authentication with the weblogin.cgi CGI executable. This program fails to sanitize the username parameter passed to it: if the username contains certain characters, it allows command injection with the privileges of the web server running on the device. Although the web server does not run as root, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges, so it should be assumed that exploitation results in remote code execution as root. By sending a specially crafted HTTP POST or GET request to a vulnerable device, a remote, unauthenticated attacker can execute arbitrary code on it. This can happen directly if the device is exposed to the attacker, but the request can also be triggered indirectly, even when the device is not directly reachable by the attacker.
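The flaw class in the ZyXEL case (an attacker-controlled login parameter spliced into a shell command line) is worth seeing beside its fix. The snippet below is an added example and not the vendor's code: "echo" stands in for whatever helper the real CGI invokes so the vulnerable version is harmless to run, the parameter name and the username allow-list are assumptions, and the request decoding shows why a GET or POST parameter is the natural delivery vehicle.

```python
"""Command injection through an unsanitized login parameter: vulnerable and
hardened handlers side by side. Added example, not the vendor's code; 'echo'
stands in for the device's real helper so the demonstration is harmless."""
import re
import subprocess
from urllib.parse import parse_qs

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # assumed allow-list


def username_from_query(query_string: str) -> str:
    """Pull the (assumed) 'username' parameter out of a GET query or POST body."""
    return parse_qs(query_string, keep_blank_values=True).get("username", [""])[0]


def vulnerable_login(username: str) -> str:
    # The flaw: the value goes through /bin/sh, so ; | & ` $( ) are interpreted.
    cmd = "echo user=" + username
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_login(username: str) -> str:
    # 1) allow-list the parameter before it reaches anything that executes;
    # 2) never go through a shell: pass argv as a list, so metacharacters are data.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return subprocess.run(["echo", "user=" + username],
                          capture_output=True, text=True).stdout


def looks_like_injection(username: str) -> bool:
    """Cheap WAF/log check: shell metacharacters have no business in a login name."""
    return re.search(r"[;&|`$(){}\n<>]", username) is not None


if __name__ == "__main__":
    # Constructed request body as an attacker would send it (";" URL-encoded as %3B).
    evil = username_from_query("username=guest%3B+echo+INJECTED&password=x")
    print(repr(vulnerable_login(evil)))   # second line proves the injected command ran
    print(repr(hardened_login("guest")))
    print(looks_like_injection(evil))
```

The argv-list form alone already stops the injection; the allow-list is defence in depth and also gives the log a clean signal. Neither change addresses the second half of the advisory: a setuid helper that runs arbitrary commands as root turns any code execution as the web server user into root, and has to be removed or locked down separately.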
SNORT Rules
Snort rules provide a way of detecting exploitation of such vulnerabilities on the wire. The Snort 3 rule language has adopted several changes. The rule header follows the format "action protocol networks ports direction-operator networks ports", and the protocol, networks, ports and direction operator are now optional and can be omitted, which allows quicker rule authoring. A service keyword such as "alert http" replaces the Snort 2 style "alert tcp" header that matched on port number: detection and alerting are done for the identified service regardless of port. New sticky buffers and dynamic buffer selectors such as "file_data" and "sip_header" let the rule writer point the detection cursor at specific buffers that hold, for example, the HTTP response body or the SIP header. A sticky buffer must be set before the content it applies to and remains in effect until changed. The "rem" option permits arbitrary comments in the rule body.
Risks associated with China Chopper
Though risks fade with time once they are discovered, reported, and mitigated, this does not mean that they are gone for good: China Chopper has been around for more than eight years, and many companies have been attacked with it, mostly for espionage, although it is equally effective for other illegal purposes. Through the web shell the attacker can run commands on the compromised server and use it to create further footholds while still connected to the victim's device. According to Spywareremove (2013), directives are transmitted through China Chopper's command-and-control component from a remote system operated by the attacker. The most dangerous property of the web shell is how hard it is to identify. Besides being a threat to the compromised host, China Chopper can be used to reach additional computers by exploiting network connections or removable devices.
FAIR analysis
Using the FAIR methodology to analyze the risk, the asset at risk is the organization's network system. The threat community is the set of actors who deploy the web shell; in FAIR terms it may also include insiders such as network engineers with privileged access. Since China Chopper was created, it has been involved in both small and major threat events, and the impact can be small or large depending on the attacker's intention and target. The threat can be controlled by hardening devices and avoiding shared removable media. Because China Chopper is so small and hard to detect, the organization's exposure is greater. In the worst case, since the web shell is not easily detected, the loss event frequency is estimated to be high. The impact of the threat is mostly associated with the disclosure of vital information.
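FAIR turns the qualitative statements above into numbers: loss event frequency (LEF) is threat event frequency times vulnerability, and annualized loss exposure is LEF times loss magnitude (primary plus secondary, the latter covering the disclosure losses the text points to). The script below is an added example and not the report's figures: every range in it is a constructed placeholder that an analyst would replace with calibrated estimates, and the Monte Carlo simply carries the page's "high frequency, variable magnitude" reasoning through to a loss distribution.

```python
"""FAIR loss-exposure estimate for the web shell scenario. Added example, not the
report's figures; every range below is a constructed placeholder."""
import random
import statistics

# (minimum, most likely, maximum) ranges, constructed for illustration
TEF = (2, 6, 20)                        # threat event frequency: attempts per year
VULN = (0.3, 0.5, 0.8)                  # vulnerability: P(attempt becomes a loss event)
PRIMARY_LM = (20_000, 80_000, 300_000)  # primary loss per event: response, recovery
SECONDARY_LM = (0, 150_000, 1_000_000)  # secondary loss: disclosure, fines, lost customers


def loss_event_frequency(tef, vuln):
    """LEF = TEF x Vulnerability (loss events per year)."""
    return tef * vuln


def annualized_loss(tef, vuln, primary, secondary):
    """Risk = LEF x loss magnitude, where magnitude = primary + secondary loss."""
    return loss_event_frequency(tef, vuln) * (primary + secondary)


def simulate(n=20_000, seed=7):
    """Monte Carlo over triangular distributions of each FAIR input; seeded so the
    result is reproducible for review."""
    rng = random.Random(seed)

    def draw(rng_range):
        lo, ml, hi = rng_range
        return rng.triangular(lo, hi, ml)   # random.triangular(low, high, mode)

    losses = sorted(annualized_loss(draw(TEF), draw(VULN), draw(PRIMARY_LM), draw(SECONDARY_LM))
                    for _ in range(n))
    return {"mean": statistics.mean(losses),
            "p50": losses[n // 2],
            "p90": losses[int(n * 0.9)],
            "p99": losses[int(n * 0.99)],
            "max": losses[-1]}


if __name__ == "__main__":
    print("point estimate LEF:", loss_event_frequency(6, 0.5))
    for k, v in simulate().items():
        print("%4s %12.0f" % (k, v))
```

The point estimate answers "how often and how much" with single numbers; the percentiles are what a risk owner actually needs, because a control that reduces vulnerability (better detection of the shell, in this scenario) moves the whole distribution and its effect can be priced against the p90 rather than the mean.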