nerdexam
EC-Council

312-50V9 · Question #411

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106: What is most likely taking place?

The correct answer is B. Remote service brute force attempt. Output showing repeated connection attempts to a single IP address across a specific service port most likely indicates a remote service brute force credential attack.

System Hacking

Question

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

Exhibit

312-50V9 question #411 exhibit

Options

  • APing sweep of the 192.168.1.106 network
  • BRemote service brute force attempt
  • CPort scan of 192.168.1.106
  • DDenial of service attack on 192.168.1.106

How the community answered

(59 responses)
  • A
    8% (5)
  • B
    75% (44)
  • C
    14% (8)
  • D
    3% (2)

Why each option

Output showing repeated connection attempts to a single IP address across a specific service port most likely indicates a remote service brute force credential attack.

APing sweep of the 192.168.1.106 network

A ping sweep targets an entire network range of IP addresses to discover live hosts, not a single IP address repeatedly.

BRemote service brute force attemptCorrect

A remote service brute force attempt is characterized by rapid, repeated authentication attempts against a single host and port, such as SSH on port 22 or RDP on port 3389. The output targeting 192.168.1.106 with sequential login attempts to one service is the hallmark pattern of automated credential stuffing or brute force tools like Hydra or Medusa.

CPort scan of 192.168.1.106

A port scan probes multiple different ports on a target host to identify open services, whereas this output targets a single service repeatedly.

DDenial of service attack on 192.168.1.106

A denial of service attack floods a target with traffic or malformed packets to exhaust resources, which is distinct from the pattern of sequential authentication attempts shown.

Concept tested: Identifying remote service brute force attack patterns

Source: https://attack.mitre.org/techniques/T1110/

Topics

#brute force#remote service attack#penetration testing#credential attack

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice