Ethical Hacking 5.1.10


Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?

- FIN
- URG
- ACK
- RST

RST

TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?

- SYN/RST
- SYN/ACK
- RST
- ACK

SYN/ACK

Which of the following packet crafting software programs can be used to modify flags and adjust other packet content?

- Colasoft
- IP Tools
- ping
- Currports

Colasoft

Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?

- FIN
- SYN
- PSH
- URG

PSH

You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time it was created. Which of the following scanning tools should you use?

- IP tools
- Currports
- Hping3
- Angry IP scanner

Currports

What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?

- Port scan
- Vulnerability scan
- Decoy scan
- Network scan

Vulnerability scan

Which of the following scans is used to actively engage a target in an attempt to gather information about it?

- TCP scan
- Vulnerability scan
- Network scan
- Port scan

Port scan

Which of the following best describes the scan with ACK evasion method?

- Returns feedback to the fake IP address and ensures there is no record of the IP address sending the requests.
- Sends packets and breaks them apart so intrusion detection systems don't know what they are.
- Filters incoming and outgoing traffic, provides you with anonymity, and shields you from possible detection.
- Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.

Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?

- Port scan
- Network scan
- Decoy scan
- Vulnerability scan

Network scan

You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?

- Network Topology Manager
- Scany
- Colasoft
- NetAuditor

Scany

Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?

- Beyond Trust
- Wardialing
- Ping sweep
- Fingerprinting

Fingerprinting

A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?

- Stealth
- Fingerprinting
- Wardialing
- Ping sweep

Wardialing

Wardialing uses a modem. The scan dials a large block of phone numbers and attempts to locate other systems connected to a modem. If the scan gets a response, it accepts the connection. Modems are still often used for fax machines, multi-purpose copiers, and as a backup for high-speed internet.

A ping sweep is used to scan a range of IPs to look for live systems. Ping sweeps help to build a network inventory, but can also alert the security system, which could result in an alarm being triggered or your attempts being blocked.

A stealth scan, also known as a half-open scan, sends a SYN packet to a port. The three-way handshake does not occur because the original system does not reply with the final ACK. At this point, you have discovered an open port, but because an ACK packet was not sent, a connection was not actually made, and there is no security log.

Fingerprinting relies on small differences in packets created by various operating systems. Differences can be noticed by examining the TTL values, TCP window size, DHCP requests, ICMP requests, HTTP packets, and open port patterns.

A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?

- Xmas tree scan
- NULL scan
- Idle scan
- Full open scan

Idle scan

With an idle scan, the hacker finds a target machine but wants to avoid getting caught, so he finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction for the hacker. The scan directs all requests through the zombie machine. If that zombie machine is flagged, the hacker simply creates another zombie machine and continues with his work.

The full open scan completes a full two-way handshake on all ports. Open ports respond with a SYN/ACK, and closed ports respond with an RST flag, which ends the attempt. The downside of this type of scan (and the reason that it's not frequently used) is that somebody now knows you were there.

An Xmas tree scan gets its name because all of the flags are turned on, and the packet is lit up like a Christmas tree. The recipient has no idea what to do with this packet, so the packet is either ignored or dropped. If you get an RST packet, you know the port is closed. If you don't get a response, the port may be open.

A NULL scan sends the packets with no flags set. If the port is open, there will be no response. If the ports are closed, an RST response will be returned.

