3 Comments on “Which of the following BEST describes the compromised system?”

1. Paul S says:

   February 21, 2017 at 8:52 am

   this answer is correct but I thought it would be useful to explain. port 6667 is part of IRC or chat. This is the most common way for botnet masters to tell their botnets what to do. Also, port 57222 is a random port but it is used three time here. That is unusual considering the number of packets.

   
   
   
   1

   
   
   
   0
   1. Black says:

      February 25, 2017 at 8:24 am

      I found it very useful. Thanks Paul S.

      
      
      
      0

      
      
      
      0
2. meac says:

   May 31, 2018 at 10:44 pm

   In this Question, we have a source computer (192.10.3.204) sending data to a single destination IP address 10.10.1.5. No data is being received back by source computer which suggests the data being sent is some kind of Denial-of-service attack.
   This is common practice for computers participating in a botnet.
   The port used is TCP 6667 which is IRC (Internet Relay Chat). This port is used by many Trojans and is commonly used for DoS attacks.
   Software running on infected computers called zombies is often known as a botnet. Bots, by themselves, are but a form of software that runs automatically and autonomously. (For example, Google uses the Googlebot to find web pages and bring back values for the index.)
   Botnet, however, has come to be the word used to describe malicious software running on a zombie and under the control of a bot-herder.
   Denial-of-service attacks–DoS and DDoS–can be launched by botnets, as can many forms of adware, spyware, and spam (via spambots). Most bots are written to run in the background with
   no visible evidence of their presence. Many malware kits can be used to create botnets and modify existing ones.

   
   
   
   0

   
   
   
   0