GCIH · Question #760
Based on the nmap data in the screenshot the analyst would choose which IP address for a DNS attack?
The correct answer is C. 10.0.0.1. An analyst selects the DNS attack target by identifying the host with port 53 open in the nmap output, which indicates an active DNS service.
Question
Based on the nmap data in the screenshot the analyst would choose which IP address for a DNS attack?
Exhibit
Options
- A10.0.0.229
- B10.0.0.13
- C10.0.0.1
- D10.0.0.171
How the community answered
(31 responses)- A16% (5)
- B3% (1)
- C74% (23)
- D6% (2)
Why each option
An analyst selects the DNS attack target by identifying the host with port 53 open in the nmap output, which indicates an active DNS service.
10.0.0.229 does not have port 53 open in the nmap results and is therefore not running a DNS service.
10.0.0.13 does not show port 53 as open in the scan output and is not an appropriate DNS attack target.
10.0.0.1 is the host shown in the nmap scan with port 53/tcp open, identifying it as the active DNS server in the environment. Targeting this host enables DNS-based attacks such as zone transfers, cache poisoning, or denial-of-service against the DNS service itself.
10.0.0.171 does not have port 53 open in the nmap results and is not identified as a DNS server.
Concept tested: Identifying DNS server target using nmap scan results
Source: https://nmap.org/book/man-port-scanning-basics.html
Topics
Community Discussion
No community discussion yet for this question.
