2023 National Vocational College Skills Competition Network Construction and Operation and Maintenance - Network Operation and Maintenance Part

5. Network operation and maintenance

The network topology of an organization is as follows. The switch is connected to two servers: Server1 is the digital forensics server, and Server2 is the emergency response server. The servers connect through the switching device and reach the firewall security device through the routing device. The network topology of the organization is shown in the figure below.

 

Table 1. Network device IP address allocation table

| Device | Device name | Device interface | IP address |
|---|---|---|---|
| Server | Server1 | Eth0 | 192.168.1.10/24 |
| Server | Server2 | Eth0 | 192.168.2.10/24 |
| Layer 3 switch | L3_SW1 | e0/0 | 192.168.1.2/24 |
| Layer 3 switch | L3_SW1 | e0/1 | 192.168.2.2/24 |
| Layer 3 switch | L3_SW1 | e0/2 | 10.1.1.1/24 |
| Router | R1 | e0/2 | 10.1.1.2/24 |
| Router | R1 | e0/1 | 20.1.1.1/24 |
| Firewall | Firewall | G1/0/0 | 20.1.1.2/24 |

1. Network troubleshooting

The network has been built according to the requirements in the table, and the following faults are now present:

1. Switch L3_SW1 needs to be configured for layer-3 networking. The layer-3 directly connected route cannot currently be pinged, although checking the interface shows that its physical status is up. Analyze the cause and troubleshoot.

2. In the topology, communication between router R1 and the server network segments behind the switch is abnormal. Analyze and troubleshoot.

3. The Firewall log shows a DDoS attack coming from the intranet. Analyze the log to identify the attack traffic, whether it was caused by an attacker or by a misoperation by network operation and maintenance personnel, and set a blacklist policy. Analyze the log and troubleshoot.

2. Digital forensics

A black link appeared on the Server1 server. The intruder had already cleared the traces on the server, so the source cannot be traced from the server itself. However, the packet analysis function was enabled on the front-end firewall. Perform forensic work on the captured data packets to find information about the intruder.

4. By analyzing the data packets, find the IP address of the hacker's attacking machine and submit it as the flag. (Format: [192.168.1.1])

5. By analyzing the data packets, find the command the hacker used to scan the server, and submit the ports open on the server as the flag, sorted in ascending order. (Format: [21,22,23,24])

6. By analyzing the data packets, find the password the hacker used to successfully log in to the website's admin backend, and submit it as the flag. (Format: [password])

3. Emergency response

A webshell warning appears in the firewall log, and a webshell connection has been observed on the Server2 server. The administrator has isolated the server for security. Log in to the server and investigate the webshell.

7. Find the webshell file on the server and submit its file name as the flag. (Format: [abc.xxx])

8. Determine how and when the webshell was uploaded to the server, and submit the upload time as the flag. (Format: [10/Apr/2020:09:35:41])

9. Analyze which commands the intruder executed on the server, and find the third command executed. (Format: [ipconfig])

10. Find the backdoor account that exists on the server, and submit the password of that account as the flag. (Format: [password])

Origin blog.csdn.net/qq_50377269/article/details/130541111