nerdexam
GIAC

GCIH · Question #530

Based on the tcpdump output below, what is an attacker attempting to do?

The correct answer is D. Zone transfer. DNS zone transfers use TCP port 53, while small record lookups use UDP port 53. In this case, the DNS server is host 216.239.32.10, and it is responding to the client 192.168.1.4 request for a

Reconnaissance, Scanning, and Enumeration

Question

Based on the tcpdump output below, what is an attacker attempting to do?

Exhibit

GCIH question #530 exhibit

Options

  • AUse a web crawler
  • BUse a search engine
  • CRecord lookup (less than 512 bytes)
  • DZone transfer
  • EWhois lookup

How the community answered

(37 responses)
  • B
    5% (2)
  • C
    8% (3)
  • D
    84% (31)
  • E
    3% (1)

Explanation

DNS zone transfers use TCP port 53, while small record lookups use UDP port 53. In this case, the DNS server is host 216.239.32.10, and it is responding to the client 192.168.1.4 request for a

Topics

#DNS zone transfer#tcpdump#packet analysis#DNS reconnaissance

Community Discussion

No community discussion yet for this question.

Full GCIH Practice