
Cybersecurity Incident Report: Network Traffic Analysis

Posted on: December 3, 2023 at 03:52 PM

As an integral component of the Google Cybersecurity Professional course, I executed an incident report centered on the analysis of DNS and ICMP traffic in transit, utilizing data from the tcpdump network protocol analyzer tool. My role encompassed the identification of the specific network protocol employed in the assessment of the cybersecurity incident.

For cybersecurity professionals, scrutinizing network traffic and data is imperative for discerning the root causes of network-related issues encountered during cybersecurity incidents.

Cybersecurity Incident Report: Network Traffic Analysis

Part 1: Summary of the problem found in the DNS and ICMP traffic log

The network analysis points to a DNS server issue: the UDP traffic sent to the server is going unanswered, which indicates that the server is unavailable. The ICMP echo reply specifically notes “udp port 53 unreachable,” and port 53 is the standard port for DNS traffic. This strongly suggests a non-responsive DNS server as the probable cause of the problem.

Part 2: Explanation of the data analysis and identification of the incident’s root cause

At 1:23 p.m., customers reported receiving a “destination port unreachable” message when attempting to visit the website, which brought the issue to the IT team’s attention. The organization’s network security professionals are now investigating it so that customer access can be restored. Our examination involved packet sniffing with tcpdump, which revealed that DNS port 53 was unreachable. The next crucial step is to determine whether the DNS server is down or whether traffic to port 53 is being blocked by the firewall. The potential causes range from a successful denial-of-service attack to a misconfiguration affecting the DNS server.
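As an added example (not part of the original report or of the course material), the following Python triage script reads tcpdump text output of the kind described above, pairs each DNS query with the DNS reply or ICMP “udp port 53 unreachable” message that followed it, and states which next step the evidence supports. The capture lines are constructed with documentation addresses, and the tcpdump line formats are assumed to match tcpdump's default DNS and ICMP rendering.

```python
import re
from collections import Counter

# Constructed sample tcpdump output (documentation addresses, not a real capture): client
# 192.0.2.15 queries DNS server 203.0.113.2, retries once, gets ICMP "udp port 53 unreachable"
# both times; a later query to the same server gets nothing back at all.
SAMPLE_CAPTURE = """\
13:24:32.192571 IP 192.0.2.15.52444 > 203.0.113.2.domain: 35084+ A? example.com. (28)
13:24:32.193001 IP 203.0.113.2 > 192.0.2.15: ICMP 203.0.113.2 udp port 53 unreachable, length 64
13:24:36.098564 IP 192.0.2.15.52444 > 203.0.113.2.domain: 35084+ A? example.com. (28)
13:24:36.099012 IP 203.0.113.2 > 192.0.2.15: ICMP 203.0.113.2 udp port 53 unreachable, length 64
13:24:40.100000 IP 192.0.2.15.41000 > 203.0.113.2.domain: 41211+ A? example.org. (28)
"""

TS_IP = r"^(?P<ts>\S+) IP "
QUERY_RE = re.compile(TS_IP + r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?:domain|53): "
                      r"(?P<txid>\d+)\+ (?P<qtype>\w+)\? (?P<qname>\S+)")
REPLY_RE = re.compile(TS_IP + r"(?P<src>[\d.]+)\.(?:domain|53) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<txid>\d+)")
# ICMP destination unreachable (type 3, code 3): the IP after "ICMP" is where the rejected datagram was going.
UNREACH_RE = re.compile(TS_IP + r"(?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP (?P<orig>[\d.]+) udp port 53 unreachable")


def triage(capture_text):
    """Map each DNS query (client, source port, txid) to what the capture shows came back."""
    queries = {}
    for line in capture_text.splitlines():
        if m := QUERY_RE.match(line):
            key = (m["src"], m["sport"], m["txid"])
            rec = queries.setdefault(key, {"qname": m["qname"], "server": m["dst"],
                                           "sent": 0, "status": "no response"})
            rec["sent"] += 1  # same key seen again means the resolver retransmitted
        elif m := REPLY_RE.match(line):
            key = (m["dst"], m["dport"], m["txid"])
            if key in queries:
                queries[key]["status"] = "answered"
        elif m := UNREACH_RE.match(line):
            # The rejection applies to every still-pending query from that client to that server.
            for key, rec in queries.items():
                if key[0] == m["dst"] and rec["server"] == m["orig"] and rec["status"] == "no response":
                    rec["status"] = "port 53 unreachable"
    return queries


def summarize(queries):
    """Count outcomes and state which troubleshooting step the evidence points to next."""
    counts = Counter(rec["status"] for rec in queries.values())
    if counts["answered"]:
        verdict = "DNS service is answering at least some queries"
    elif counts["port 53 unreachable"]:
        verdict = "server host reachable but nothing accepting UDP/53: check the DNS service on the server first"
    else:
        verdict = "queries unanswered with no ICMP at all: suspect a dropping firewall or a host that is down"
    return dict(counts), verdict
```

Run `summarize(triage(SAMPLE_CAPTURE))` to see the per-outcome counts and the suggested next step for the constructed capture.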