
CAS-004 Exam - Question 268


Users are claiming that a web server is not accessible. A security engineer is unable to view the Internet Services logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:

Which of the following is MOST likely happening to the server?

Correct Answer: D

The most likely issue occurring on the server is a Denial of Service (DoS) attack. The netstat output showing numerous connections in the TIME_WAIT state indicates that the system is being overwhelmed with a large number of connection attempts, which is a common symptom of a DoS attack. These excessive connections can prevent legitimate users from accessing the server, which aligns with the users' claims of the server being inaccessible.
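The triage described above can be scripted. The following is an added example, not part of the original question or the site's answer: it summarises netstat -an rows by TCP state and by remote address, so the DoS and port-scan readings discussed on this page can be weighed against counts. SAMPLE is constructed data using documentation addresses, and the function names are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample (documentation addresses), Windows-style `netstat -an` rows.
SAMPLE = "\n".join(
    ["  Proto  Local Address      Foreign Address      State",
     "  TCP    0.0.0.0:80         0.0.0.0:0            LISTENING",
     "  TCP    192.0.2.10:80      198.51.100.7:49152   ESTABLISHED"]
    + [f"  TCP    192.0.2.10:80      203.0.113.5:{p}    TIME_WAIT"
       for p in range(51000, 51040)]
)

def parse(text):
    """Yield (local_port, remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or not tok[0].lower().startswith("tcp"):
            continue  # header, UDP and blank lines
        local, foreign, state = tok[-3:]  # last 3 columns on Windows and Linux
        remote_ip, remote_port = foreign.rsplit(":", 1)
        yield local.rsplit(":", 1)[1], remote_ip, remote_port, state.upper()

def longest_run(ports):
    """Length of the longest run of consecutive port numbers."""
    best = run = 0
    prev = None
    for p in sorted(set(ports)):
        run = run + 1 if prev is not None and p == prev + 1 else 1
        best, prev = max(best, run), p
    return best

def triage(text):
    """Return (state counts, per-remote summary) for non-listening sockets."""
    states, remotes = Counter(), defaultdict(lambda: {"local": set(), "src": []})
    for local_port, remote_ip, remote_port, state in parse(text):
        states[state] += 1
        if state.startswith("LISTEN") or not remote_port.isdigit():
            continue  # listener rows carry a wildcard foreign address
        remotes[remote_ip]["local"].add(local_port)
        remotes[remote_ip]["src"].append(int(remote_port))
    summary = {ip: {"connections": len(r["src"]),
                    "local_ports_touched": len(r["local"]),
                    "longest_source_port_run": longest_run(r["src"])}
               for ip, r in remotes.items()}
    return states, summary

if __name__ == "__main__":
    states, summary = triage(SAMPLE)
    print(dict(states))
    for ip, row in sorted(summary.items(), key=lambda kv: -kv[1]["connections"]):
        print(ip, row)
```

As a heuristic, one remote address with many closed connections to a single local port is consistent with a connection flood, while one address touching many different local ports is consistent with a scan.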

Discussion

4 comments
Amin4799
Option: D
Apr 1, 2023

TCP connections in the TIME_WAIT state, which indicates that there are a lot of connections that are being closed. The large number of TIME_WAIT connections can be an indication that the server is experiencing a Denial of Service (DoS).

last_resort
Option: D
Apr 12, 2023

DoS, due to contiguous ports listed and TIME_WAIT.

d3bfb15
Option: D
Jul 3, 2024

Port scan. Of course, it is denying service, but that could happen as a consequence of an approved scan, so not truly a DoS. Also, a port scan would be a very poor way to launch a DoS. There are more effective options, I mean.

EAlonso
Option: A
Jul 14, 2024

A. Port scan because the source port is 0, but can't look for details... any help?