What is odd about this attack?

Snort has been used to capture packets on the network. On studying the packets, the penetration
tester finds it to be abnormal. If you were the penetration tester, why would you find this
abnormal?
What is odd about this attack? (Choose the most appropriate statement)

Snort has been used to capture packets on the network. On studying the packets, the penetration
tester finds it to be abnormal. If you were the penetration tester, why would you find this
abnormal?
What is odd about this attack? (Choose the most appropriate statement)

A.
This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.
This is back orifice activity as the scan comes from port 31337.

C.
The attacker wants to avoid creating a sub-carrier connection that is not normally valid.

D.
There packets were created by a tool; they were not created by a standard IP stack.

Explanation:
Port 31337 is normally used by Back Orifice. Note that 31337 is hackers spelling of
‘elite’,meaning ‘elite hackers’.

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

Obiwan

Obiwan

????????????

Reply

AR

AR

The sample is missign, here is:

05/20-17:0645.061034 192.160.13.4:31337 –> 172.16.1.101:1

TCP TTL:44 TOS:0x10 ID:242

***FRP** Seq:0xA1D95 Ack:0x53 Win: 0x400

Reply