# Problem
You have been asked to review the log files for a particular set of servers. There is some concern that an attacker has been able to gain unauthorized access to one of the servers and that the system may have been compromised.
Review the log for the server.

| System | Account Name | Source IP | Status | Method | Count |
| -------- | ------------- | ----------- | ------- | ------ | ----- |
| Gold | administrator | 10.2.1.2 | Failure | Local | 1 |
| Bronze | andrew | 10.11.12.13 | Success | Local | 1 |
| Silver | paul | 10.2.2.3 | Failure | SSH | 893 |
| Gold | andrew | 10.11.12.13 | Success | Local | 1 |
| Lead | paul | 10.2.2.3 | Failure | SSH | 780 |
| Antimony | paul | 10.2.2.3 | Failure | SSH | 230 |
| Gold | bob | 10.11.12.12 | Success | SSH | 1 |
| Silver | frank | 10.11.12.2 | Failure | SSH | 1 |
| Antimony | paul | 10.2.2.3 | Success | SSH | 1 |
| Silver | frank | 10.11.12.2 | Success | SSH | 1 |

Identify the attack and whether or not it succeeded:
* SQL injection.
* Brute force.
* Pass the hash.
* Man-in-the-middle.

If it did succeed, what account and what system require an immediate security review?
# Process
...
# Answer
The attack was a brute force attack. It did succeed. Paul's account on the Antimony system requires a security review.
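The same conclusion can be reached mechanically. The following is an added example, not part of the original exercise: it runs a simple detection rule over the table's rows, assuming the rows are in chronological order and using a hypothetical threshold of 100 failures. The function name `find_brute_force` is likewise an assumption.

```python
from collections import defaultdict

# Rows copied from the table in the problem statement, assumed chronological:
# (system, account, source_ip, status, method, count)
LOG = [
    ("Gold", "administrator", "10.2.1.2", "Failure", "Local", 1),
    ("Bronze", "andrew", "10.11.12.13", "Success", "Local", 1),
    ("Silver", "paul", "10.2.2.3", "Failure", "SSH", 893),
    ("Gold", "andrew", "10.11.12.13", "Success", "Local", 1),
    ("Lead", "paul", "10.2.2.3", "Failure", "SSH", 780),
    ("Antimony", "paul", "10.2.2.3", "Failure", "SSH", 230),
    ("Gold", "bob", "10.11.12.12", "Success", "SSH", 1),
    ("Silver", "frank", "10.11.12.2", "Failure", "SSH", 1),
    ("Antimony", "paul", "10.2.2.3", "Success", "SSH", 1),
    ("Silver", "frank", "10.11.12.2", "Success", "SSH", 1),
]

FAILURE_THRESHOLD = 100  # assumed cut-off; tune to your own baseline


def find_brute_force(rows, threshold=FAILURE_THRESHOLD):
    """Return (attempts, compromised).

    attempts: {(system, account, source_ip): failures} at or above threshold.
    compromised: attempt keys where a success was logged after the failures.
    """
    failures = defaultdict(int)
    compromised = []
    for system, account, ip, status, _method, count in rows:
        key = (system, account, ip)
        if status == "Failure":
            failures[key] += count
        elif status == "Success" and failures.get(key, 0) >= threshold:
            # Same source, account and system succeeded after a failure storm.
            if key not in compromised:
                compromised.append(key)
    attempts = {k: n for k, n in failures.items() if n >= threshold}
    return attempts, compromised


if __name__ == "__main__":
    attempts, compromised = find_brute_force(LOG)
    for (system, account, ip), n in attempts.items():
        print(f"brute force: {n} failed logins for {account}@{system} from {ip}")
    for system, account, ip in compromised:
        print(f"REVIEW NOW: {account}@{system} (success from {ip} after failures)")
```

Frank's single failure followed by a success on Silver stays below the threshold, which is what separates an ordinary mistyped password from the 230 failures that preceded Paul's successful login on Antimony.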