An administrator is investigating a system that may potentially be compromised and sees the
following log entries on the router.
*Jul 15 14:47:29.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) –
> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) –
> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) –
> 10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?
A.
It is running a rogue web server
B.
It is being used in a man-in-the-middle attack
C.
It is participating in a botnet
D.
It is an ARP poisoning attack