The Simple Network Management Protocol is a protocol that is used with network

appliances and nodes. You can gather statistical, performance, and status updates from your

devices with this protocol. SSH is Secure Shell, NTP is the Network Time Protocol, and

SMNP is just SNMP with the order of the letters mangled.

A Class C subnet has 256 bits. Subtracting 192 bits from 256 bits results in 64 hosts per

subnet. Dividing 256 by 64 provides 4 usable networks.

When you enter the command su root, you are prompted with the root password.

If it’s entered correctly, you can switch from your profile to the root account and have

administrator- level privileges on the operating system. su is short for switch user. The

sudo command is a way to temporarily assume another user’s privileges for the purpose of

executing a single command. Typically, this would be done to elevate privileges to root level.

By contrast, when you execute su, you maintain the permissions of the new user until you

execute the shell of that user.

A baseline must be set in order for an anomaly detection system to run optimally. If not,

the IDS will not be able to monitor network traffic accurately and may alert due to false positives.

Anomaly-

based

IDS does not use definitions or signatures.

Neither network infrastructure

nor client updates will help with getting an anomaly-

based

IDS working,

aside from just

being

a good idea generally.

While you could use DNS poisoning, a better approach would be to use ARP spoofing,

where you tell every system on the network your MAC address maps to all of the IP addresses.

DNS spoofing would require either ARP spoofing to intercept all the DNS requests or the compromise

of a local caching DNS server to catch all requests.

Additionally,

DNS spoofing only

gets

you traffic where a hostname has to be resolved.

ARP

spoofing gets all IP traffic.

Phishing

is

used to socially engineer a user and packet fragmentation may be used to evade detection.

Attackers are moving to using tools available on Windows systems, just as they have used

existing scripting languages on Unix- like systems. PowerShell is a powerful tool that has

existed on every Windows system for several versions. When attackers use existing system

tools, it’s called living off the land. PowerShell is not supposed to be encrypted or obfuscated

in normal usage. Updating PowerShell does not explain the obfuscated script.

When scanning for SNMP using Metasploit, the command is use auxiliary/

scanner/snmp/<device name>. Once that is set, you will set your listening and

receiving host information and then execute the scan by entering run into the command line.