312-50V11 · Question #538
The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106: What is most likely taking place?
The correct answer is B. Remote service brute force attempt. The output shows repeated connection attempts to a specific service on 192.168.1.106, which is characteristic of a brute force attack trying multiple credentials.
Question
The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:
What is most likely taking place?
Exhibit
Options
- APing sweep of the 192.168.1.106 network
- BRemote service brute force attempt
- CPort scan of 192.168.1.106
- DDenial of service attack on 192.168.1.106
How the community answered
(44 responses)- A7% (3)
- B70% (31)
- C5% (2)
- D18% (8)
Why each option
The output shows repeated connection attempts to a specific service on 192.168.1.106, which is characteristic of a brute force attack trying multiple credentials.
A ping sweep targets a range of IP addresses across a subnet to discover live hosts, not a single IP address repeatedly.
A remote service brute force attempt involves systematically trying many username/password combinations against a specific service such as SSH, RDP, or FTP on a target host. The output targeting a single IP with repeated access attempts to one port is the signature pattern of credential brute forcing tools like Hydra or Medusa. This differs from scanning because the attacker is already focused on a known open port and is attempting to authenticate.
A port scan probes many different ports on a target to enumerate open services, not repeatedly hitting a single service.
A denial of service attack floods a target with traffic to exhaust resources, which would not produce the credential-attempt output pattern shown.
Concept tested: Remote service brute force attack recognition
Source: https://owasp.org/www-community/attacks/Brute_force_attack
Topics
Community Discussion
No community discussion yet for this question.
