From a honeypot log excerpt, which IP address is shown as performing a port scan?

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

From a honeypot log excerpt, which IP address is shown as performing a port scan?

Explanation:
Looking for a port scan in a honeypot log means spotting a single external source making quick, repeated connection attempts to many different ports on the honeypot. That burst of activity across numerous ports from one IP is the telltale sign of a scanner, not normal service access. The address 194.222.156.169 stands out because the log shows it initiating connections to a wide range of ports in rapid succession, which matches the behavior of a port scan. Other addresses either don’t show that broad, rapid probing pattern or are internal/private addresses that wouldn’t typically appear as external scanning sources. So, the IP 194.222.156.169 is identified as performing the port scan.

