PLEASE Answer carefully.thankyou 69) An administrator sees the following lines i

Question

PLEASE Answer carefully.thankyou

69) An administrator sees the following lines in a log file from a widely used corporate SSH server

Jan 1 18:24:23 lan sshd[1254]: Failed password for admin from 10.1.2.1 port 29659 ssh2
Jan 1 18:24:25 lan sshd[1261]: Failed password for admin from 10.1.2.1 port 29709 ssh2
Jan 1 18:24:23 lan sshd[1267]: Failed password for admin from 10.1.2.1 port 29754 ssh2
Jan 1 18:24:30 lan ss8hd[1272]: Failed password for admin from 10.1.2.1 port 29790 ssh2

Based on this information, which of the following BEST describes what the administrator might assume is happening and how it can be mitigated?

A) A dictionary attack was attempted on the server. Install an application to block IP addresses that attempt dictionary attacks,

B) A rainbow table attack was attempted on the server. Block SSH on the server until the attacks stop and traffic returns to normal levels.

C) The admin user forgot the password, Have the help desk instruct the admin user on how to change the password,

D) The admin user has been compromised. Immediately disconnect the server from the network and begin forensic analysis to determine any damage,

Explanation / Answer

Answer is A)

Here hacker is using the different words from dictionary to match passwords so he is trying with different passwords. in Dictionary attack hacker will try will all words in the dictionary. it good to block the IP address which tries for dictionary attack

Related Questions

Navigate

• Browse (All)
• Browse P
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.