SI110 Homework    Alpha: ________    Name: ___________________ (MIDN Last, F.)    Page 1 of 2

Collaboration Policy: Default
choose one (or more): □ None  □ XS110  □ EI with:  □ MGSP  □ Discussed with: ______________________

Homework: /SI110/Cyber Security Tools/Cyber Reconnaissance

1. [ 30 / 20 / 10 / 0 ] Read the course lesson, then answer the following. What are the three phases of a cyber attack and what is the primary goal for each?

    Phase        Title        Goal of Phase

2. [ 10 / 8 / 5 / 0 ] Recall the definition of a cyber attack as an action that violates one of the five Pillars of Cyber Security.

    Scenario 1: An employee at Company X uses the 'John the Ripper' tool to crack an executive's computer account password. The employee finds a file there which indicates that the executive is embezzling money. He uses this information to blackmail the executive.

    Scenario 2: An employee at Company X is looking at shared documents on the company's file server and finds a PDF file that has text indicating that one of the executives is embezzling money. He uses this information to blackmail the executive.

    Discuss which scenario is a cyber attack, and why. (complete sentences, spelling, grammar)

3. Label each of the following activities as either Active Recon or Passive Recon.

    a. [ 5 / 0 ] Doing web searches on employees of the company you're targeting to find out personal information about them in blogs, social media sites, news stories, etc.
    b. [ 5 / 0 ] Using netcat to determine the version of webserver software being used by your target's public webserver.
    c. [ 5 / 0 ] Running an nmap scan of your target's file server over 1000 commonly used ports to see what other services the host is running.
    d. [ 5 / 0 ] Pulling up your target's website, viewing the source code, copying email addresses, and checking out a few links.

4. [ 10 / 8 / 5 / 0 ] Suppose my IP Address is 57.133.88.132, and as part of my cyber recon I give the three trace route (tracert on Windows, traceroute on UNIX) commands shown below:

    tracert 57.133.88.4
      1  57.133.88.4

    tracert 64.129.32.13
      1  57.133.88.250
      2  33.115.23.15
      3  64.128.32.1
      4  64.128.32.13

    tracert 140.70.35.14
      1  57.133.88.250
      2  24.192.17.8
      3  140.70.35.1
      4  140.75.30.14

    What is the IP address of my gateway router?

5. [ 30 / 20 / 10 / 0 ] In lab you will be performing a host scan using a tool called nmap, which is mentioned in the notes. The nmap tool scans for live hosts and open ports, indicating which services are running on the host. Consider the output of the nmap scan (at bottom) of rona.academy.usna.edu. Which of the following services are running on rona? Circle all that apply. Check out this port list for reference: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    a. DNS server
    b. web server
    c. World of Warcraft
    d. FTP server
    e. NetBIOS
    f. NFS network file share
    g. IRC chat server
    h. e-mail server
    i. ssh server (ssh 'daemon')
    j. DHCP server
    k. secure web server

    $ nmap 10.1.83.17
    Starting Nmap 6.01 ( http://nmap.org ) at 2014-03-27 14:34 EDT
    Nmap scan report for rona.academy.usna.edu (10.1.83.17)
    Host is up (0.0034s latency).
    Not shown: 990 closed ports
    PORT      STATE SERVICE
    22/tcp    open  ssh
    25/tcp    open  smtp
    80/tcp    open  http
    111/tcp   open  rpcbind
    139/tcp   open  netbios-ssn
    443/tcp   open  https
    445/tcp   open  microsoft-ds
    1556/tcp  open  veritas_pbx
    2049/tcp  open  nfs
    13782/tcp open  netbackup