You are investigating suspicious communication between two devices in your environment. The source socket is 205.16.3.74:5696 and the destination socket is 192.168.5.3:53. What service should you suspect is under attack?

Posted on By admin No Comments on You are investigating suspicious communication between two devices in your environment. The source socket is 205.16.3.74:5696 and the destination socket is 192.168.5.3:53. What service should you suspect is under attack?

[TABS_R id=6660]

You are investigating suspicious communication between two devices in your environment. The source socket is 205.16.3.74:5696 and the destination socket is 192.168.5.3:53.

What service should you suspect is under attack?

  • DHCP
  • NTP
  • DNS
  • HTTP

Explanation:
You should suspect a DNS attack, mist likely an at attempt at an unauthored zone transfer. The destination port is port 53. Unless there is a non-default service running on that port, that port is used for DNS.

You should not suspect DHCP. By default, DHCP uses ports 67 and 68, not 53.
You should not suspect HTTP. By default, HTTP uses port 80.
You should not suspect NTP. By default, NTP uses port 123.

[TABS_R id=6660]

Uncategorized
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x