Hands-On Ethical Hacking and Network Defense, Chapter 5

Nessus, a tool first released in

1998

Attackers typically use ______ scans to get past a firewall or other filtering device.

ACK scan

Which type of scan is usually used to bypass a firewall or packet-filtering device?

ACK scan

Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error?

An incorrect parameter is used.

Port scanning provides the state for all but which of the following ports?

Buffered

This type of scan relies on the attacked computer's OS, so it's a little riskier to use; it completes the three-way handshake.

Connect scan

Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command?

FIN PSH URG

In this type of scan, a ______ packet is sent to the target computer. If the port is closed, it sends back an RST packet.

FIN scan

Fping doesn't allow pinging multiple IP addresses simultaneously.

False

An enhanced Ping utility for pinging multiple targets simultaneously

Fping

nmap -O

IP Protocol Scans

What is a potential mistake when performing a ping sweep on a network?

Including a broadcast address in the ping sweep range

nmap -sP

Ping Scan

To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services?

SYN packets; ACK packets

nmap -sT

TCP connect scan

Unicornscan can handle _____, _____, and _____ port scanning

TCP, ICMP, and IP

To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type?

man nmap

Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210?

nmap -sS 193.145.85.210; nmap -v 193.145.85.210

Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network?

nmap -v 192.168.1.0-254 -p 22; nmap -v 192.168.1.0/24 -p 22

Ports that respond to ping sweeps and other packets.

open ports

Most, if not all, scanning programs report _________, __________, and __________ in a matter of seconds.

open ports, closed ports, and filtered ports in a matter of seconds.

A security tool used to identify open ports and detect services and OSs running on network systems.

NMAP

Originally written for Phrack magazine in 1997 by Fyodor

NMAP

Unicornscan optimizes ______ scanning beyond the capabilities of any other port scanner.

UDP

In this type of scan, a ______ packet is sent to the target computer. If the port sends back an ICMP "Port Unreachable" message, the port is closed.

UDP scan

Ports that aren't listening or responding to a packet.

closed ports

nmap -h

Quick reference screen of Nmap usage options.

The Hping tool is used for

bypass filtering devices

An open-source fork of Nessus developed in 2005

OpenVAS

A FIN packet sent to a closed port responds with which of the following packets?

RST

Pinging a range of IP addresses to identify live systems on a network.

ping sweep

Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services?

Port scanning

A method of finding out which services a host computer offers.

port scanning
nmap -sU

UDP Scan

A closed port responds to a SYN packet with which of the following packets?

RST

nmap -sS

stealth scan

What type is an ICMP Echo Reply?

type (0)

Port scanning tool for large-scale endeavors.

Unicornscan

What can security testers use to bypass filtering devices?

Hping

An enhanced Ping utility for crafting TCP and UDP packets to be used in port-scanning activities.

Hping

Use it to bypass filtering devices by injecting crafted or otherwise modified IP packets.

Hping

Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer?

Hping

Helpful tools for crafting IP packets

Hping, Fping

A(n) ________ scan sends a packet with all flags set to NULL.

NULL

In a ______ scan, all packet flags are turned off. A closed port responds to a NULL scan with an RST packet, so if no packet is received, the best guess is that the port is open.

NULL scan

Previously an open-source scanning tool; now licensed by Tenable Network Security.

Nessus
A security tool for conducting port scanning, OS identification, and vulnerability assessments. A client computer (*nix or Windows) must connect to the server to perform the tests.

OpenVAS
To see a brief summary of Nmap commands in a Linux shell, which of the following should you do?

Type nmap -h.

Was developed to assist security testers in conducting tests on large networks and to consolidate many of the tools needed for large-scale endeavors.

Unicornscan

OpenVAS functions much like a

database server

A reasonably priced commercial scanner with a GUI interface

AW Security Port Scanner

In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live?

ICMP Echo Reply (type 0)

What is the most widely used port-scanning tool?

NMAP

Scanning tactic that a malicious hacker (or cracker) can use to determine the state of a communications port without establishing a full connection.

SYN scan

nmap -sV

Version Detection

In this type of scan, the FIN, PSH, and URG flags are set. Closed ports respond to this type of packet with an RST packet.

XMAS scan

What makes the OpenVAS tool unique?

Capability to update security check plug-ins when they become available.

Ports protected with a network-filtering device, such as a firewall.

filtered ports

Port scanners can also be used to conduct a __________ of a large network to identify which IP addresses belong to active hosts.

ping sweep

An OpenVAS plug-in is a ______________________ that can be selected from the client interface.

security test program (script)

What type is an ICMP Echo Request?

type (8)