Module 5: Scanning and Evasion Techniques
Which Nmap option can be used to make it harder to detect packets when evading firewalls and IDS?
-f (fragmented packets)
Which option can be used in Netdiscover to run a passive scan?
-p
When using Nmap, use _____ to do a ping scan
-sP
How many scripts are available in Nmap 7.7?
588
Privacy Badger
A Chrome extension that deletes invisible trackers
ACK flag
Acknowledges that a previous packet has been received
fping
An enhanced Ping utility for pinging multiple targets simultaneously.
netstat -a
Displays all connections and listening ports on your device
Which flag indicates that there is no more data to be sent and that the connection should be terminated?
FIN
True or False. The netdiscover -f command is used to scan a range of IPs using the Netdiscover tool.
False; use -r
PSH flag
Push the data to the application without buffering; don't wait for more data to be transmitted with it
RST flag
Resets the connection
Idle Scan
The hacker finds a target machine but wants to avoid getting caught, so he finds another system to take the blame. The blamed system is called a zombie machine because it is disposable and creates a good distraction. The scan directs all requests through the zombie machine. If that zombie machine is flagged, the hacker simply creates another zombie machine and continues to scan.
OS fingerprinting
The practice of identifying the operating system of a networked device based on response behavior
ping sweep
The process of sending ping requests to a series of devices or to the entire range of networked devices to wait for responses to know which hosts are alive
URG flag
This flag is used to signify urgent data.
SYN flag
This flag is used when first establishing a TCP connection and makes sure the receiving end knows to examine the sequence number field; synchronizes sequence numbers
hping3
Tool used to test the security of firewalls; a custom network packet generator and analyzer tool
True or false? A filtered port indicates that a packet-blocking device is preventing the probe from reaching the target.
True
Nmap ping scan command
nmap -sP
Intrusion detection works _____ to identify, log, and report any malicious activity.
out-of-band
What sends a succession of probe packets to an IP range on a network to identify which hosts are alive and responding?
ping sweep
socket
port and IP address mapping
_____ identifies listening TCP and UDP ports on a target system looking for services
port scan
strobe mode
scanning method that quietly checks a few ports at a time
stealth mode
scanning mode that uses scans that are designed to avoid detection on monitoring systems' logs
Once reconnaissance is complete and enough information is available, the second step of penetration testing is _____.
scanning/enumeration
Scanning a network should be done under the radar. _____ mode quietly checks a few ports at a time, and stealth mode uses scans designed to avoid detection.
strobe
Which website can be used to ensure that DNS information is not being leaked?
www.dnsleak.com
curl
Kali tool that grabs web banners
Armitage
Kali tool that seeks vulnerabilities and provides a list of suitable exploits
FIN flag
Last packet from the sender; "I have nothing else to send"
nmap
a security scanner built into Kali that performs a variety of scans, discovers hosts and services, and reports devices that are alive
Nipe
a tool that utilizes the Tor network as a user's default gateway to offer a level of privacy and anonymity.
The ____________ number is the sequence number from the sender increased by one.
acknowledgement
Striker
automated scanning and deep information-gathering tool built in Python; offers port/service scanning and vulnerability scanning
ping -c
count: pings the host a specific number of times.
netdiscover
discovery tool that can perform recon and discovery on wireless and switched networks using ARP requests
True or False? bping is a tool that can be used to send ICMP echo requests to several hosts at once.
False; fping
With a(n) _____ scan, the TCP header is split over several packets, making it hard for packet filters and intrusion detection systems to detect a port scan.
fragmented (-f)
port scan
identifies listening TCP and UDP ports on a live target system, looking for services
network mapping
identifying topology of target network and creating a map
IPS works ____ to block attacks
in line