A security analyst is checking log files and finds the following entries:
Which of the following is MOST likely happening?
A. A hacker attempted to pivot using the web server interface.
B. A potential hacker could be banner grabbing to determine what architecture is being used.
C. The DNS is misconfigured for the server’s IP address.
D. A server is experiencing a DoS, and the request is timing out,
First glance points to C. The DNS is misconfigured for the server’s IP address. Only because the Host lookup failed.
However, It maybe that the port is unavailable because the hacker is using it. Hence the error when the nc -vv command is run.
So it could be A. A hacker attempted to pivot using the web server interface.
info
https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
The person is running a verbose, seemed like he/she is trying to banner grab. I will go with B
It should be B. It is using NetCat to banner grabbing. How is it going to be A?
Can someone explain why the answer is not C?