Cyber Attack Report 1

On February 11, 2024, a Denial of Service (DoS) cyber attack was detected by the cybersecurity system at 13:24:50. The report details the attack's nature, impact, and the detection methods used by the Cybersecurity team. Specific sniffing details of the attack, including timestamps and protocol information, are also provided.


Cybersecurity Incident Report

Incident Overview
On 02/11/2024 at 13:24:50, the intrusion detection and prevention system (IDPS) flagged a Denial of Service (DoS) attack. The captured traffic in the Sniffing Details below shows the pattern of a TCP SYN flood: a stream of [SYN] segments with Seq=0, Win=512 and Len=0 sent from a single source to 10.1.1.1 at roughly 15 segments per second, interleaved with ordinary background traffic (OSPF, SNMP, TLS, ICMP, UDP). This report describes the nature of the attack, its impact, the detection methods used by the Cybersecurity team, and the response that mitigated it.

Incident Details

Date Time Attack Type Target Downtime Revenue Loss

Sniffing Details

No.  Time          IP Source  IP Destination  Protocol  Length   Information
144  13:24:44.772  11111111   10.1.1.1        TCP       63.28    [SYN] Seq=0 Win=512 Len=0
145  13:24:44.846  11111111   10.1.1.1        TCP       59.0     [SYN] Seq=0 Win=512 Len=0
169  13:24:44.831  Unknown    Unknown         TCP       1160.47  Unknown:Unknown:TCP
146  13:24:44.913  11111111   10.1.1.1        TCP       65.25    [SYN] Seq=0 Win=512 Len=0
147  13:24:44.981  11111111   10.1.1.1        TCP       56.34    [SYN] Seq=0 Win=512 Len=0
148  13:24:45.048  11111111   10.1.1.1        TCP       66.65    [SYN] Seq=0 Win=512 Len=0
149  13:24:45.115  11111111   10.1.1.1        TCP       66.3     [SYN] Seq=0 Win=512 Len=0
170  13:24:45.031  Unknown    Unknown         TCP       671.14   Unknown:Unknown:TCP
150  13:24:45.183  11111111   10.1.1.1        TCP       60.7     [SYN] Seq=0 Win=512 Len=0
151  13:24:45.251  11111111   10.1.1.1        TCP       62.01    [SYN] Seq=0 Win=512 Len=0
171  13:24:45.232  Unknown    Unknown         OSPF      1158.75  Unknown:Unknown:OSPF
152  13:24:45.318  11111111   10.1.1.1        TCP       60.25    [SYN] Seq=0 Win=512 Len=0
153  13:24:45.400  11111111   10.1.1.1        TCP       64.15    [SYN] Seq=0 Win=512 Len=0
172  13:24:45.432  Unknown    Unknown         TLSv1.2   192.63   Unknown:Unknown:TLSv1.2
154  13:24:45.467  11111111   10.1.1.1        TCP       66.68    [SYN] Seq=0 Win=512 Len=0
155  13:24:45.534  11111111   10.1.1.1        TCP       63.75    [SYN] Seq=0 Win=512 Len=0
156  13:24:45.639  11111111   10.1.1.1        TCP       56.66    [SYN] Seq=0 Win=512 Len=0
173  13:24:45.643  Unknown    Unknown         SNMP      806.22   Unknown:Unknown:SNMP
157  13:24:45.780  11111111   10.1.1.1        TCP       58.52    [SYN] Seq=0 Win=512 Len=0
158  13:24:45.847  11111111   10.1.1.1        TCP       56.73    [SYN] Seq=0 Win=512 Len=0
174  13:24:45.843  Unknown    Unknown         TLSv1.2   990.43   Unknown:Unknown:TLSv1.2
159  13:24:45.915  11111111   10.1.1.1        TCP       49.35    [SYN] Seq=0 Win=512 Len=0
160  13:24:45.997  11111111   10.1.1.1        TCP       56.14    [SYN] Seq=0 Win=512 Len=0
161  13:24:46.064  11111111   10.1.1.1        TCP       70.01    [SYN] Seq=0 Win=512 Len=0
175  13:24:46.044  Unknown    Unknown         TCP       935.04   Unknown:Unknown:TCP
162  13:24:46.132  11111111   10.1.1.1        TCP       48.86    [SYN] Seq=0 Win=512 Len=0
163  13:24:46.212  11111111   10.1.1.1        TCP       55.72    [SYN] Seq=0 Win=512 Len=0
176  13:24:46.244  Unknown    Unknown         OSPF      659.67   Unknown:Unknown:OSPF
164  13:24:46.280  11111111   10.1.1.1        TCP       68.83    [SYN] Seq=0 Win=512 Len=0
165  13:24:46.347  11111111   10.1.1.1        TCP       52.05    [SYN] Seq=0 Win=512 Len=0
166  13:24:46.415  11111111   10.1.1.1        TCP       75.94    [SYN] Seq=0 Win=512 Len=0
177  13:24:46.444  Unknown    Unknown         TLSv1.2   952.85   Unknown:Unknown:TLSv1.2
167  13:24:46.483  11111111   10.1.1.1        TCP       73.95    [SYN] Seq=0 Win=512 Len=0
168  13:24:46.554  11111111   10.1.1.1        TCP       73.86    [SYN] Seq=0 Win=512 Len=0
178  13:24:46.651  Unknown    Unknown         SNMP      435.17   Unknown:Unknown:SNMP
169  13:24:46.781  11111111   10.1.1.1        TCP       70.41    [SYN] Seq=0 Win=512 Len=0
179  13:24:46.851  Unknown    Unknown         ICMP      575.24   Unknown:Unknown:ICMP
170  13:24:46.982  11111111   10.1.1.1        TCP       45.89    [SYN] Seq=0 Win=512 Len=0
171  13:24:47.050  11111111   10.1.1.1        TCP       59.67    [SYN] Seq=0 Win=512 Len=0
180  13:24:47.052  Unknown    Unknown         ICMP      489.93   Unknown:Unknown:ICMP
172  13:24:47.117  11111111   10.1.1.1        TCP       77.94    [SYN] Seq=0 Win=512 Len=0
173  13:24:47.185  11111111   10.1.1.1        TCP       74.28    [SYN] Seq=0 Win=512 Len=0
174  13:24:47.252  11111111   10.1.1.1        TCP       55.38    [SYN] Seq=0 Win=512 Len=0
181  13:24:47.252  Unknown    Unknown         UDP       169.35   Unknown:Unknown:UDP
175  13:24:47.319  11111111   10.1.1.1        TCP       43.44    [SYN] Seq=0 Win=512 Len=0
176  13:24:47.386  11111111   10.1.1.1        TCP       60.18    [SYN] Seq=0 Win=512 Len=0
177  13:24:47.454  11111111   10.1.1.1        TCP       57.42    [SYN] Seq=0 Win=512 Len=0
182  13:24:47.453  Unknown    Unknown         ICMP      585.87   Unknown:Unknown:ICMP
178  13:24:47.521  11111111   10.1.1.1        TCP       43.87    [SYN] Seq=0 Win=512 Len=0
179  13:24:47.601  11111111   10.1.1.1        TCP       66.7     [SYN] Seq=0 Win=512 Len=0
180  13:24:47.668  11111111   10.1.1.1        TCP       59.89    [SYN] Seq=0 Win=512 Len=0
183  13:24:47.653  Unknown    Unknown         SNMP      182.75   Unknown:Unknown:SNMP
181  13:24:47.735  11111111   10.1.1.1        TCP       75.15    [SYN] Seq=0 Win=512 Len=0
182  13:24:47.818  11111111   10.1.1.1        TCP       62.83    [SYN] Seq=0 Win=512 Len=0
184  13:24:47.869  Unknown    Unknown         TLSv1.2   803.95   Unknown:Unknown:TLSv1.2
183  13:24:48.019  11111111   10.1.1.1        TCP       67.72    [SYN] Seq=0 Win=512 Len=0
184  13:24:48.088  11111111   10.1.1.1        TCP       65.03    [SYN] Seq=0 Win=512 Len=0
185  13:24:48.069  Unknown    Unknown         ICMP      957.41   Unknown:Unknown:ICMP
185  13:24:48.155  11111111   10.1.1.1        TCP       60.33    [SYN] Seq=0 Win=512 Len=0
186  13:24:48.238  11111111   10.1.1.1        TCP       55.92    [SYN] Seq=0 Win=512 Len=0
187  13:24:48.305  11111111   10.1.1.1        TCP       72.99    [SYN] Seq=0 Win=512 Len=0
186  13:24:48.271  Unknown    Unknown         UDP       426.73   Unknown:Unknown:UDP
188  13:24:48.373  11111111   10.1.1.1        TCP       53.95    [SYN] Seq=0 Win=512 Len=0
189  13:24:48.440  11111111   10.1.1.1        TCP       58.69    [SYN] Seq=0 Win=512 Len=0
187  13:24:48.472  Unknown    Unknown         SNMP      732.47   Unknown:Unknown:SNMP
190  13:24:48.508  11111111   10.1.1.1        TCP       59.44    [SYN] Seq=0 Win=512 Len=0
191  13:24:48.592  11111111   10.1.1.1        TCP       61.24    [SYN] Seq=0 Win=512 Len=0
192  13:24:48.659  11111111   10.1.1.1        TCP       39.21    [SYN] Seq=0 Win=512 Len=0
188  13:24:48.672  Unknown    Unknown         ICMP      104.84   Unknown:Unknown:ICMP
193  13:24:48.727  11111111   10.1.1.1        TCP       70.35    [SYN] Seq=0 Win=512 Len=0
194  13:24:48.806  11111111   10.1.1.1        TCP       65.01    [SYN] Seq=0 Win=512 Len=0
189  13:24:48.883  Unknown    Unknown         SNMP      997.53   Unknown:Unknown:SNMP
195  13:24:49.026  11111111   10.1.1.1        TCP       66.55    [SYN] Seq=0 Win=512 Len=0
196  13:24:49.095  11111111   10.1.1.1        TCP       70.04    [SYN] Seq=0 Win=512 Len=0
190  13:24:49.084  Unknown    Unknown         SNMP      138.0    Unknown:Unknown:SNMP
197  13:24:49.162  11111111   10.1.1.1        TCP       75.94    [SYN] Seq=0 Win=512 Len=0
198  13:24:49.243  11111111   10.1.1.1        TCP       60.53    [SYN] Seq=0 Win=512 Len=0
199  13:24:49.310  11111111   10.1.1.1        TCP       74.93    [SYN] Seq=0 Win=512 Len=0
200  13:24:49.378  11111111   10.1.1.1        TCP       48.26    [SYN] Seq=0 Win=512 Len=0
191  13:24:49.286  Unknown    Unknown         TCP       801.17   Unknown:Unknown:TCP
201  13:24:49.444  11111111   10.1.1.1        TCP       62.48    [SYN] Seq=0 Win=512 Len=0
192  13:24:49.486  Unknown    Unknown         ICMP      729.53   Unknown:Unknown:ICMP
202  13:24:49.512  11111111   10.1.1.1        TCP       57.18    [SYN] Seq=0 Win=512 Len=0
203  13:24:49.593  11111111   10.1.1.1        TCP       60.42    [SYN] Seq=0 Win=512 Len=0
204  13:24:49.661  11111111   10.1.1.1        TCP       68.91    [SYN] Seq=0 Win=512 Len=0
205  13:24:49.729  11111111   10.1.1.1        TCP       65.45    [SYN] Seq=0 Win=512 Len=0
193  13:24:49.686  Unknown    Unknown         ICMP      950.82   Unknown:Unknown:ICMP
206  13:24:49.808  11111111   10.1.1.1        TCP       62.37    [SYN] Seq=0 Win=512 Len=0
194  13:24:49.892  Unknown    Unknown         OSPF      1150.46  Unknown:Unknown:OSPF
207  13:24:50.037  11111111   10.1.1.1        TCP       64.83    [SYN] Seq=0 Win=512 Len=0

Detection and Response Metrics

Metric                       Time (seconds)
Mean Time to Detect (MTTD)   21
Mean Time to Respond (MTTR)  4

Detection Techniques
Two key detection methods were used:

1. EWMA (Exponentially Weighted Moving Average)


2. SVM (Support Vector Machine)
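The EWMA method can be made concrete on the report's own capture. The block below is an added example and is not code from the report or its authors. It parses rows in the layout of the Sniffing Details table (the flood rows in CAPTURE are frames 144 to 160 plus three of the interleaved non-SYN frames, copied from the table), bins bare SYNs (SYN set, ACK clear) per second, and runs an EWMA chart of the mean and variance that fires when a second's SYN count exceeds mean + k standard deviations. BASELINE_SYN_PER_SECOND is constructed, since the report does not include the normal traffic that preceded the attack; alpha, k and the warm-up length are illustrative settings, not values from the report. The SVM stage is not shown.

```python
"""EWMA anomaly detection over per-second SYN counts (added example).

Flood rows below are copied from the report's Sniffing Details table;
the baseline series and all tuning constants are constructed/illustrative.
"""
import math
from collections import Counter

CAPTURE = """\
144 13:24:44.772 11111111 10.1.1.1 TCP 63.28 [SYN] Seq=0 Win=512 Len=0
145 13:24:44.846 11111111 10.1.1.1 TCP 59.0 [SYN] Seq=0 Win=512 Len=0
169 13:24:44.831 Unknown Unknown TCP 1160.47 Unknown:Unknown:TCP
146 13:24:44.913 11111111 10.1.1.1 TCP 65.25 [SYN] Seq=0 Win=512 Len=0
147 13:24:44.981 11111111 10.1.1.1 TCP 56.34 [SYN] Seq=0 Win=512 Len=0
148 13:24:45.048 11111111 10.1.1.1 TCP 66.65 [SYN] Seq=0 Win=512 Len=0
149 13:24:45.115 11111111 10.1.1.1 TCP 66.3 [SYN] Seq=0 Win=512 Len=0
170 13:24:45.031 Unknown Unknown TCP 671.14 Unknown:Unknown:TCP
150 13:24:45.183 11111111 10.1.1.1 TCP 60.7 [SYN] Seq=0 Win=512 Len=0
151 13:24:45.251 11111111 10.1.1.1 TCP 62.01 [SYN] Seq=0 Win=512 Len=0
171 13:24:45.232 Unknown Unknown OSPF 1158.75 Unknown:Unknown:OSPF
152 13:24:45.318 11111111 10.1.1.1 TCP 60.25 [SYN] Seq=0 Win=512 Len=0
153 13:24:45.400 11111111 10.1.1.1 TCP 64.15 [SYN] Seq=0 Win=512 Len=0
154 13:24:45.467 11111111 10.1.1.1 TCP 66.68 [SYN] Seq=0 Win=512 Len=0
155 13:24:45.534 11111111 10.1.1.1 TCP 63.75 [SYN] Seq=0 Win=512 Len=0
156 13:24:45.639 11111111 10.1.1.1 TCP 56.66 [SYN] Seq=0 Win=512 Len=0
157 13:24:45.780 11111111 10.1.1.1 TCP 58.52 [SYN] Seq=0 Win=512 Len=0
158 13:24:45.847 11111111 10.1.1.1 TCP 56.73 [SYN] Seq=0 Win=512 Len=0
159 13:24:45.915 11111111 10.1.1.1 TCP 49.35 [SYN] Seq=0 Win=512 Len=0
160 13:24:45.997 11111111 10.1.1.1 TCP 56.14 [SYN] Seq=0 Win=512 Len=0
"""

# Constructed: bare SYNs per second on the same link during a quiet period.
BASELINE_SYN_PER_SECOND = [2, 1, 3, 2, 2, 1, 2, 3, 2, 2]


def parse_rows(text):
    """Split capture lines into dicts; columns follow the report's table header."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 6)
        if len(parts) != 7:
            continue
        no, time, src, dst, proto, length, info = parts
        rows.append({"no": int(no), "time": time, "src": src, "dst": dst,
                     "proto": proto, "length": float(length), "info": info})
    return rows


def is_bare_syn(row):
    """SYN without ACK is a half-open attempt; SYN/ACK replies do not count."""
    return row["proto"] == "TCP" and "[SYN]" in row["info"] and "ACK" not in row["info"]


def syn_per_second(rows):
    """Bare-SYN count per wall-clock second (HH:MM:SS), in time order."""
    counts = Counter(r["time"][:8] for r in rows if is_bare_syn(r))
    return [counts[k] for k in sorted(counts)]


def ewma_detect(series, alpha=0.2, k=3.0, warmup=5, floor=1.0):
    """Flag x_t > EWMA mean + k * EWMA std. Returns (x, mean, threshold, alert).

    The estimates are NOT updated while a point is flagged, so a sustained
    flood cannot drag the baseline up and silence its own alert.
    `floor` stops the threshold collapsing when the baseline is flat.
    """
    mean, var, out = float(series[0]), 0.0, []
    for t, x in enumerate(series):
        std = max(math.sqrt(var), floor)
        threshold = mean + k * std
        alert = t >= warmup and x > threshold
        out.append((x, round(mean, 2), round(threshold, 2), alert))
        if not alert:
            diff = x - mean
            mean += alpha * diff
            var = (1 - alpha) * (var + alpha * diff * diff)
    return out


def first_alert_index(series, **kw):
    """Index of the first flagged second, or -1 if the series never alerts."""
    for i, (_, _, _, alert) in enumerate(ewma_detect(series, **kw)):
        if alert:
            return i
    return -1


if __name__ == "__main__":
    series = BASELINE_SYN_PER_SECOND + syn_per_second(parse_rows(CAPTURE))
    for t, (x, mean, thr, alert) in enumerate(ewma_detect(series)):
        print(f"t={t:2d} syn/s={x:2d} ewma={mean:5.2f} ucl={thr:5.2f} {'ALERT' if alert else ''}")
```

With these inputs the capture contributes two bins, 4 SYNs for 13:24:44 (the excerpt starts partway through that second) and 13 for 13:24:45; the chart stays quiet through the baseline and the partial second, then fires on the first full flood second. Freezing the mean and variance while an alert is active is the detail that matters operationally: an EWMA that keeps learning during the flood would raise its own threshold within a few seconds and report the attack as the new normal. In a real deployment the counts would be keyed per destination (here 10.1.1.1) and complemented by the SYN to SYN/ACK ratio, since a legitimate burst of connections completes handshakes and a flood does not.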

Response and Mitigation

Mitigation Action           Description              Outcome
IP Blocking                 Blocked malicious IPs    Attack reduced by 100%
Machine Learning Training   Stricter filtering       Better classification

Conclusion
This report summarizes the events of the DoS attack and highlights the quick detection and response. Ongoing work on the detection models and filtering rules will strengthen the system against similar attacks.
