ch5 - Scanning
14. Which best describes a vulnerability scan?
A way to automate the discovery of vulnerabilities - vulnerability scans are designed to pick up weaknesses in a system. They are typically automated.
7. What is missing from a half-open scan?
ACK - an ACK flag belongs to the last part of the three-way handshake, and this part never happens in a half-open scan.
4. Which of the following is not a flag on a packet? a. URG b. PSH c. RST d. END
END - END is not a type of flag. Valid flags are ACK, FIN, SYN, URG, RST, and PSH.
18. A vulnerability scan is a good way to do what?
Find open ports & Find weaknesses - vulnerability scanners are necessary for a security person to use to strengthen their systems by finding weaknesses before an attacker does.
19. A banner can do what?
Identify a service - a banner can be changed on many services, keeping them from being easily identified. If this is not done, it is possible to use tools such as telnet to gain information about a service and use that information to fine-tune an attack.
6. Which of the following types of attack has no flags set?
NULL - a NULL scan has no flags configured on its packets.
2. Which of the following is used for identifying a web server OS?
Netcraft - Netcraft is used to gather information about many aspects for a system, including operating system, ip address, and even country of origin.
13. What is an ICMP echo scan?
Ping Sweep - an ICMP echo scan is a ping sweep-type scan
20. nmap is required to perform what type of scan?
Port scan - nmap is designed to perform scans against ports on a system or group of systems, but it is by far the most popular tool in many categories.
8. During an FIN scan, what indicates that a port is closed?
RST - an RST indicates that the port is closed
9. During a Xmas tree scan what indicates a port is closed?
RST - an RST indicates the port is closed in many of the TCP scan types. The RST is sent in response to a connection request and the RST indicates that the port is not available.
12. What is the sequence of the three-way handshake?
SYN, SYN-ACK, ACK - a three way handshake is part of every TCP connection and happens at the beginning of every connection. It includes SYN SYN-ACK ACK to be fully completed
5. An SYN attack used which protocol? a. TCP b. UDP c. HTTP d. Telnet
TCP - syn flags are seen only on TCP-based transmissions and not in UDP transmissions of any kind .
1. Which of the following is used for banner grabbing?
Telnet - Telent is used to perform banner grabs against a system. however, other tools are available to do this as well.
10. What is the three-way handshake?
The opening sequence of a TCP connection - the three-way handshake happens at the beginning of every TCP connection.
17. Why would you need to use a proxy to perform scanning?
To enhance anonymity - you do not need to use a proxy to perform scanning, but using one will hide the process of scanning and make it more difficult to monitor by the victim or other parties.
16. What is Tor used for?
To hide the process of scanning - Tor is designed to hide the process of scanning as well as the origin of a scan. In addition, it can provide encryption services to hide the traffic iteself.
15. What is the purpose of a proxy?
To keep a scan hidden - a proxy is used to hide the party launching a scan
3. Which of the following is used to perform customized network scans?
nmap - nmap is a utility used to scan networks and systems and for other types of custom scans.
11. A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan?
A half open does not include the final ACK - a threeway handshake is part of every TCP connection and happens at the beginning of every connection. In the case of a half-open scan, however, a final ACK is not sent, therefore leaving the connection halfway complete.
