PrepAway - Latest Free Exam Questions & Answers

From the options given below, choose the one that best interprets the following entry

The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. From the options given below, choose the one that best interprets the following entry:

Apr 26 06:43:05 [6282] IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)

Interpret the following entry:

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107.53


A. An IDS evasion technique

B. A buffer overflow attempt

C. A DNS zone transfer

D. Data being retrieved from 63.226.81.13.

Explanation:
The IDS log file depicts numerous attacks; however, most of them are from different attackers. In the attack in question, the attacker tries to mask his activity by acting legitimate: during his session on the honeypot, he changes users two times using the "su" command, but never attempts anything too severe.

