Free Preparation Discussions
MENU
Eccouncil Exam 112-51 Topic 6 Question 33 Discussion
Topic #: 6
Barbara, a security professional, was monitoring the loT traffic through a security solution. She identified that one of the infected devices is trying to connect with other loT devices and spread malware onto the network. Identify the port number used by the malware to spread the infection to other loT devices.
Port 48101 is the port number used by the malware to spread the infection to other loT devices. This port is associated with the Mirai botnet, which is one of the most notorious loT malware that targets vulnerable loT devices and turns them into a network of bots that can launch distributed denial-of-service (DDoS) attacks. Mirai scans the internet for loT devices that use default or weak credentials and infects them by logging in via Telnet or SSH. Once infected, the device connects to a command and control (C&C) server on port 48101 and waits for instructions. The C&C server can then direct the botnet to attack a target by sending TCP, UDP, or HTTP requests. Mirai has been responsible for some of the largest DDoS attacks in history, such as the one that disrupted Dyn DNS in 2016 and affected major websites like Twitter, Netflix, and Reddit. Reference:
Mirai (malware), Wikipedia, March 16, 2021
Mirai Botnet: A History of the Largest loT Botnet Attacks, Imperva, December 10, 2020
Mirai Botnet: How loT Devices Almost Brought Down the Internet, Cloudflare, March 17, 2021
Currently there are no comments in this discussion, be the first to comment!