312-50V10 · Question #538
The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106: What is most likely taking place?
The correct answer is B. Remote service brute force attempt. The described output targeting a single IP with repeated structured connection attempts is characteristic of a remote service brute force attack.
Question
The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:
What is most likely taking place?
Exhibit
Options
- APing sweep of the 192.168.1.106 network
- BRemote service brute force attempt
- CPort scan of 192.168.1.106
- DDenial of service attack on 192.168.1.106
How the community answered
(58 responses)- A2% (1)
- B84% (49)
- C9% (5)
- D5% (3)
Why each option
The described output targeting a single IP with repeated structured connection attempts is characteristic of a remote service brute force attack.
A ping sweep sends ICMP echo requests across a range of IP addresses to discover live hosts on a subnet, not repeated attempts against a single host.
A remote service brute force attempt uses a tool such as Hydra or Medusa to systematically try large numbers of credential combinations against a network service like SSH, FTP, or RDP on the target host. The output showing repeated, structured attempts against a single IP on a specific port is the signature pattern of this technique rather than scanning or flooding.
A port scan probes many different ports on a target to enumerate open services, whereas the output shows repeated connections to one specific service port.
A denial of service attack floods a target to exhaust resources and disrupt availability, and does not produce structured output showing sequential login attempts.
Concept tested: Remote service brute force attack recognition
Source: https://owasp.org/www-community/attacks/Brute_force_attack
Topics
Community Discussion
No community discussion yet for this question.
