An administrator is investigating a system that may be compromised and sees the
following log entries on the router.
*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?
A. It is running a rogue web server
B. It is being used in a man-in-the-middle attack
C. It is participating in a botnet
D. It is an ARP poisoning attack
This answer is correct, but I thought it would be useful to explain. Port 6667 is part of IRC or chat. This is the most common way for botnet masters to tell their botnets what to do. Also, port 57222 is a random port, but it is used three times here. That is unusual considering the number of packets.
I found it very useful. Thanks Paul S.
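The reasoning in the explanation above (one source port repeatedly logged against destination port 6667) can be run as a check over the router entries. This is an added example, not part of the original question or comments; the regular expression, the `IRC_PORTS` set, the function names and the fourth log line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First three lines are the entries from the question (rejoined onto one line each).
# The fourth line is constructed here as an unrelated flow for contrast.
SAMPLE_LOG = """\
*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.
*Jul 15 14:47:50.101:%Router1: list 101 permitted tcp 192.10.3.77(49810) (FastEthernet 0/3) -> 10.10.1.9 (443), 2 packets.
"""

# Assumption: only the IRC port named in the explanation is watched.
IRC_PORTS = {6667}

LINE_RE = re.compile(
    r"list (?P<acl>\d+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\).*?-> "
    r"(?P<dst>[\d.]+) ?\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def parse_entries(text):
    """Return one dict per ACL log line that matches LINE_RE."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            e = m.groupdict()
            for key in ("sport", "dport", "pkts"):
                e[key] = int(e[key])
            entries.append(e)
    return entries

def persistent_irc_flows(entries, min_hits=2):
    """Group permitted TCP entries by 4-tuple and keep the flows to an
    IRC port that were logged at least min_hits times."""
    flows = defaultdict(list)
    for e in entries:
        if e["action"] == "permitted" and e["proto"] == "tcp" and e["dport"] in IRC_PORTS:
            flows[(e["src"], e["sport"], e["dst"], e["dport"])].append(e["pkts"])
    return {flow: pkts for flow, pkts in flows.items() if len(pkts) >= min_hits}

if __name__ == "__main__":
    for (src, sport, dst, dport), pkts in persistent_irc_flows(parse_entries(SAMPLE_LOG)).items():
        print(f"{src}:{sport} -> {dst}:{dport} logged {len(pkts)} times, packet counts {pkts}")
```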