The security administrator at ‘company.com’ is reviewing the network logs and notices a new UDP
port pattern where the amount of UDP port 123 packets has increased by 20% above the
baseline. The administrator runs a packet capturing tool from a server attached to a SPAN port
and notices the following.
UDP 192.168.0.1:123 -> 172.60.3.0:123
UDP 192.168.0.36:123 -> time.company.com
UDP 192.168.0.112:123 -> 172.60.3.0:123
UDP 192.168.0.91:123 -> time.company.com
UDP 192.168.0.211:123 -> 172.60.3.0:123
UDP 192.168.0.237:123 -> time.company.com
UDP 192.168.0.78:123 -> 172.60.3.0:123
The corporate HIPS console reports an MD5 hash mismatch on the svchost.exe file of the
following computers:
192.168.0.1
192.168.0.112
192.168.0.211
192.168.0.78
Which of the following should the security administrator report to upper management based on the
above output?
A.
An NTP client side attack successfully exploited some hosts.
B.
A DNS cache poisoning successfully exploited some hosts.
C.
An NTP server side attack successfully exploited some hosts.
D.
A DNS server side attack successfully exploited some hosts.