GIAC
GCIH · Question #530
Based on the tcpdump output below, what is an attacker attempting to do?
The correct answer is D. Zone transfer. DNS zone transfers use TCP port 53, while small record lookups use UDP port 53. In this case, the DNS server is host 216.239.32.10, and it is responding to the client 192.168.1.4 request for a
Reconnaissance, Scanning, and Enumeration
Question
Based on the tcpdump output below, what is an attacker attempting to do?
Exhibit
Options
- AUse a web crawler
- BUse a search engine
- CRecord lookup (less than 512 bytes)
- DZone transfer
- EWhois lookup
How the community answered
(37 responses)- B5% (2)
- C8% (3)
- D84% (31)
- E3% (1)
Explanation
DNS zone transfers use TCP port 53, while small record lookups use UDP port 53. In this case, the DNS server is host 216.239.32.10, and it is responding to the client 192.168.1.4 request for a
Topics
#DNS zone transfer#tcpdump#packet analysis#DNS reconnaissance
Community Discussion
No community discussion yet for this question.
