00:01
Hello students, the four different types of suspicious traffic signatures are: 1.
00:06
Informational traffic signatures are those that indicate that an attacker is gathering information about the network or its system.
00:14
This can include things like ping sweeps, port scans, and DNS lookups for the sensitive host or services.
00:21
2.
00:22
Reconnaissance traffic signatures are those that indicate that an attacker is probing a network for vulnerabilities.
00:32
This can include things like attempts to exploit known vulnerabilities, brute force attacks, and attempts to gain access to the privileged account.
00:42
3.
00:42
Unauthorized access traffic signatures are those that indicate that an attacker has successfully gained unauthorized access to the network or its system.
00:53
This can include things like login attempts with stolen credentials, attempts to escalate privileges, and attempts to exfiltrate data.
01:03
4.
01:03
Denial-of-service traffic signatures are those that indicate that an attacker is attempting to disturb or disable a network or its system.
01:13
This can include things like SYN floods, UDP floods, and application layer.
01:19
5.
01:22
SYN flags are used to initiate a new TCP connection.
01:28
When a client sends SYN packets to a server, it indicates that it wants to establish the connection.
01:35
If the server is SYN packet, the client will then respond with the SYN packet to complete the connection handshake...