Read the analysis at the links below:

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html

Question 3 [20%]

The ThreatExpert link above describes Gimmiv.a as: “…it could technically be classified as a network-aware trojan that employs functionality of a typical RPC DCOM network-aware worm to attack other hosts in the network.”

Describe your interpretation of the above quote. Focus on the behavior and explain how the code could impact a network. Explain in a few paragraphs what specific techniques you may use to detect the above threat caused by Gimmiv.a. What Snort rule(s) should you use to prevent (or detect) the above threat? You will have to do research to explain your answers sufficiently.

Question 4 [10%]

You learned about covert channels in Week 6. Do you think an IDS like Snort can easily detect a covert channel? For example, can you write an effective set of Snort rules to prevent any information leak through a covert channel? Explain your answer in detail and support your answer with research and documentation.