Conducted a network traffic analysis with tcpdump to investigate a cybersecurity incident. Identified the specific network protocol involved in the incident, which provided valuable insight into the attack vector.
| Part 1: Summary of the problem found in the DNS and ICMP traffic log |
|---|
| The network analysis points to a DNS server issue: the UDP traffic to the DNS server shows that the service is unavailable. The ICMP reply specifically reports "udp port 53 unreachable", and port 53 is the standard port for DNS traffic. This strongly suggests that a non-responsive DNS server is the probable cause of the problem. |
| Part 2: Clarification of the data analysis and identification of the incident's root cause. |
|---|
| At 1:23 p.m., customers reported receiving a "destination port unreachable" message when attempting to visit the website, which brought the issue to the IT team's attention. The organization's network security professionals are currently investigating so that customer access can be restored. Our examination consisted of packet sniffing with tcpdump, which revealed that DNS port 53 was unreachable. The next crucial step is to determine whether the DNS server is down or whether traffic to port 53 is being blocked by the firewall. The potential causes range from a successful Denial of Service attack to a misconfiguration affecting the DNS server. |
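As an added illustration (not part of the original write-up), the following Python script applies the same correlation to a constructed tcpdump excerpt: it pairs each DNS query sent over UDP to port 53 with the ICMP "udp port 53 unreachable" reply that follows, and flags any resolver for which every query errored. The sample lines and the addresses in them are constructed for the example, not taken from the incident log.

```python
import re
from collections import Counter

# Constructed sample tcpdump output (not the original incident log): two DNS
# queries sent over UDP to a resolver on port 53, each answered with an ICMP
# "port unreachable" error, plus one unrelated TCP line that must be ignored.
SAMPLE_TCPDUMP = """\
13:24:32.192571 IP 192.0.2.15.52444 > 203.0.113.2.domain: 35084+ A? example.test. (30)
13:24:36.098564 IP 203.0.113.2 > 192.0.2.15: ICMP 203.0.113.2 udp port 53 unreachable, length 254
13:26:32.192571 IP 192.0.2.15.52444 > 203.0.113.2.domain: 35084+ A? example.test. (30)
13:26:36.098564 IP 203.0.113.2 > 192.0.2.15: ICMP 203.0.113.2 udp port 53 unreachable, length 254
13:27:01.000000 IP 192.0.2.15.44321 > 203.0.113.9.80: Flags [S], seq 1, win 64240, length 0
"""

# A DNS query: UDP datagram from an ephemeral port to port 53 ("domain" when
# tcpdump resolves port names, "53" when it is run with -nn).
DNS_QUERY = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.\d+ > (?P<resolver>[\d.]+)\.(?:domain|53): "
)
# The ICMP destination-unreachable error quoted in the write-up: the resolver
# reports that nothing is listening on UDP port 53.
PORT_UNREACH = re.compile(
    r"^\S+ IP (?P<resolver>[\d.]+) > (?P<client>[\d.]+): ICMP \S+ udp port (?:53|domain) unreachable"
)


def analyze(tcpdump_text):
    """Correlate DNS queries with ICMP port-53-unreachable errors per resolver.

    Returns per-resolver query and error counts plus the sorted list of
    resolvers for which every query was answered with a port-unreachable error.
    """
    queries, unreachable = Counter(), Counter()
    for line in tcpdump_text.splitlines():
        if m := DNS_QUERY.match(line):
            queries[m["resolver"]] += 1
        elif m := PORT_UNREACH.match(line):
            unreachable[m["resolver"]] += 1
    # Every query errored: either the DNS service is down or UDP/53 is being
    # blocked, which is exactly the question the investigation must settle next.
    suspect = sorted(r for r, n in queries.items() if unreachable[r] >= n)
    return {"queries": dict(queries), "unreachable": dict(unreachable), "suspect_resolvers": suspect}


if __name__ == "__main__":
    result = analyze(SAMPLE_TCPDUMP)
    for resolver in result["suspect_resolvers"]:
        print(f"{resolver}: {result['queries'][resolver]} DNS queries, "
              f"{result['unreachable'][resolver]} ICMP 'udp port 53 unreachable' replies")
```

On a real capture, feed the script the output of `tcpdump -nn` so that ports are printed numerically and the regexes match consistently.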