Topic 3, Scanning
Which type of scan sends a packet with no flags set?
Select the Answer
A.
Open Scan
B.
Null Scan
C.
Xmas Scan
D.
Half-Open Scan
Null Scan
Explanation:
The types of port connections supported are:
TCP Full Connect. This mode makes a full connection to the target's TCP ports
and can save any data or banners returned from the target. This mode is the most
accurate for determining TCP services, but it is also easily recognized by Intrusion
Detection Systems (IDS).
UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to
the target's UDP ports and looks for an ICMP Port Unreachable message in return.
The absence of that message indicates either that the port is in use or that the
target does not return ICMP messages at all, which can lead to false positives. It
can save any data or banners returned from the target. This mode is also easily
recognized by IDS.
TCP Full/UDP ICMP Combined. This mode combines the previous two modes into
one operation.
TCP SYN Half Open. (Windows XP/2000 only) This mode sends out a SYN packet
to the target port and listens for the appropriate response. Open ports respond
with a SYN|ACK and closed ports respond with ACK|RST or RST. This mode is
less likely to be noted by IDS, but since the connection is never fully completed, it
cannot gather data or banner information. However, the attacker has full control
over TTL, Source Port, MTU, Sequence number, and Window parameters in the
SYN packet.
TCP Other. (Windows XP/2000 only) This mode sends out a TCP packet with any
combination of the SYN, FIN, ACK, RST, PSH, URG flags set to the target port
and listens for the response. Again, the attacker can have full control over TTL,
Source Port, MTU, Sequence number, and Window parameters in the custom TCP
packet. The Analyze feature helps with analyzing the response based on the flag
settings chosen. Each operating system responds differently to these special
combinations. The tool includes presets for XMAS, NULL, FIN and ACK flag
settings. A NULL scan sends a segment with none of the six flags set, which is
what the question asks for; an XMAS scan sets FIN, PSH and URG together.
Which type of scan does not open a full TCP connection?
A.
Stealth Scan
B.
XMAS Scan
C.
Null Scan
D.
FIN Scan
Stealth Scan
Explanation: Stealth Scan (SYN or half-open scan): the full TCP three-way handshake is
never completed. A SYN packet is sent to the target port; if a SYN/ACK is received, the port
is assumed to be open (listening), and the scanner immediately answers with a RST so the
connection is never established. If a RST/ACK packet is received, the port is assumed to be
closed. XMAS, Null and FIN scans also never complete a handshake, but "stealth scan" is
the conventional name for the SYN half-open scan and is the answer expected here.
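As an added example (not part of this question bank and not the scanner described in the explanations above), the Python below builds a 20-byte TCP header for the NULL, FIN, XMAS, SYN and ACK presets with a correct checksum, so the reader can see what "no flags set" means at the byte level, and classifies a reply according to the rules given in the two explanations above. The IP addresses and ports are made up. For NULL/FIN/XMAS the classification follows RFC 793 (a closed port answers RST, an open port stays silent), which is why those scans can only report open|filtered, and why a Windows host, which sends RST from every port regardless of state, makes every port look closed. Nothing is sent on the wire; putting these segments onto a network needs a raw socket and root, which is out of scope here.

```python
import socket
import struct

# TCP flag bits: the low six bits of byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag presets for the scan types discussed above.
PRESETS = {
    "null": 0,               # no flags at all
    "fin": FIN,
    "xmas": FIN | PSH | URG, # "lit up like a Christmas tree"
    "syn": SYN,              # half-open scan
    "ack": ACK,
}


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP, tcp_len)


def build_tcp_segment(src_ip, dst_ip, sport, dport, flags, seq=0, window=1024):
    """Return a 20-byte TCP header (no options, no payload) with a valid checksum."""
    data_offset = 5 << 4  # header length is 5 x 32-bit words; reserved bits zero
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, data_offset,
                         flags, window, 0, 0)  # checksum field zero for now
    csum = _checksum(_pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def parse_flags(segment: bytes) -> int:
    """Flags byte of a TCP header (bits above URG are ignored here)."""
    return segment[13] & 0x3F


def verify_checksum(src_ip, dst_ip, segment: bytes) -> bool:
    """A segment whose stored checksum is correct sums to zero."""
    return _checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def classify(scan: str, response_flags):
    """Interpret a reply (flags byte, or None for no reply) for the given scan type."""
    if scan == "syn":
        if response_flags is None:
            return "filtered"          # dropped by a firewall, nothing came back
        if response_flags & SYN and response_flags & ACK:
            return "open"              # SYN|ACK: a listener answered
        if response_flags & RST:
            return "closed"            # RST or RST|ACK from a closed port
        return "unknown"
    if scan in ("null", "fin", "xmas"):
        if response_flags is None:
            return "open|filtered"     # RFC 793: open ports stay silent
        if response_flags & RST:
            return "closed"            # RFC 793: closed ports answer RST
        return "unknown"
    if scan == "ack":
        # ACK scans map firewall rules, not port state: RST means unfiltered.
        return "unfiltered" if response_flags is not None and response_flags & RST else "filtered"
    raise ValueError("unknown scan type: %s" % scan)


if __name__ == "__main__":
    # Made-up addresses; nothing is transmitted.
    for name, flags in PRESETS.items():
        seg = build_tcp_segment("10.0.0.1", "10.0.0.2", 40000, 80, flags)
        print("%-4s flags=0x%02x checksum_ok=%s" % (name, parse_flags(seg),
              verify_checksum("10.0.0.1", "10.0.0.2", seg)))
```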
War dialing is one of the oldest methods of gaining unauthorized access to
target systems, and it is one of the dangers most commonly forgotten by network
engineers and system administrators. A hacker can sneak past all the expensive
firewalls and IDS and connect easily into the network. Through war dialing, an
attacker searches for devices in the target network infrastructure that are
also accessible through the telephone line.
'Dial backup' in routers is most frequently found in networks where redundancy is
required. Dial-on-demand routing (DDR) is commonly used to establish connectivity
as a backup.
As a security tester, how would you discover what telephone numbers to dial in to
the router?
A.
Search the Internet for leakage for target company’s telephone number to dial-in
B.
Run a war-dialing tool with range of phone numbers and look for CONNECT
Response
C.
Connect using ISP’s remote-dial in number since the company’s router has a
leased line connection established with them
D.
Brute force the company’s PABX system to retrieve the range of telephone
numbers to dial-in
Run a war-dialing tool with range of phone numbers and look for CONNECT
Response
Explanation: Use a program like ToneLoc to scan the company's range of phone numbers and log the numbers that answer with a CONNECT response.
John has scanned the web server with NMAP. However, he could not gather enough
information to help him identify the operating system running on the remote host
accurately.
What would you suggest to John to help identify the OS that is being used on the
remote web server?
A.
Connect to the web server with a browser and look at the web page.
B.
Connect to the web server with an FTP client.
C.
Telnet to port 8080 on the web server and look at the default page code.
D.
Telnet to an open port and grab the banner.
Telnet to an open port and grab the banner.
Explanation: Most people do not bother to change the banners presented by
applications listening on open ports, so you should get fairly accurate information
when grabbing banners from open ports with, for example, a telnet client.
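As an added example, not part of the original question bank, the Python below does what the explanation describes with a socket instead of telnet: connect to an open port, read whatever the service announces, and pull a product string out of it. Some services (SSH, SMTP, FTP) speak first; an HTTP server stays silent until it gets a request, so the grabber can send a probe and then parse the Server header. The banners are constructed sample data served from a throwaway listener on 127.0.0.1, so the example runs offline; the `fingerprint` heuristics are this example's own assumptions, not a standard.

```python
import socket
import threading

# Constructed sample banners, not captured from any real host.
SAMPLE_SSH = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"
SAMPLE_HTTP = (b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)\r\n"
               b"Content-Length: 0\r\nConnection: close\r\n\r\n")


def serve_banner(banner: bytes, wait_for_request: bool = False) -> int:
    """Start a one-shot listener on 127.0.0.1 that sends `banner` to the first client.

    With wait_for_request=True it behaves like HTTP: it reads the client's request
    before answering. Returns the port it is listening on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            if wait_for_request:
                conn.recv(1024)
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def grab_banner(host: str, port: int, probe: bytes = b"",
                timeout: float = 3.0, max_bytes: int = 4096) -> bytes:
    """Connect, optionally send `probe`, and return what the service sends back.

    Reads until the peer closes, `max_bytes` is reached, or `timeout` passes
    without data (services that keep the connection open simply go quiet).
    """
    chunks, received = [], 0
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            while received < max_bytes:
                data = s.recv(max_bytes - received)
                if not data:
                    break
                chunks.append(data)
                received += len(data)
        except socket.timeout:
            pass  # keep whatever arrived before the service went silent
    return b"".join(chunks)


def fingerprint(banner: bytes) -> dict:
    """Heuristic product extraction from common banner formats (assumed rules)."""
    text = banner.decode("latin-1", "replace").strip()
    if text.startswith("SSH-"):
        # SSH-<protoversion>-<softwareversion> [comments]
        return {"service": "ssh", "software": text.split("-", 2)[2].split()[0]}
    if text.startswith("HTTP/"):
        for line in text.split("\r\n")[1:]:
            if line.lower().startswith("server:"):
                return {"service": "http", "software": line.split(":", 1)[1].strip()}
        return {"service": "http", "software": None}
    return {"service": "unknown", "software": text.split("\r\n")[0] or None}


def grab_and_fingerprint(host: str, port: int, probe: bytes = b"") -> dict:
    return fingerprint(grab_banner(host, port, probe=probe))


if __name__ == "__main__":
    ssh_port = serve_banner(SAMPLE_SSH)
    print(grab_and_fingerprint("127.0.0.1", ssh_port))
    http_port = serve_banner(SAMPLE_HTTP, wait_for_request=True)
    print(grab_and_fingerprint("127.0.0.1", http_port, probe=b"HEAD / HTTP/1.0\r\n\r\n"))
```

Against a real host, the same call with a remote address and port 22 or 80 is all that changes; the caveat from the explanation still applies in reverse, since an administrator who has edited the banner can feed the grabber whatever they like.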
Exhibit
Joe Hacker runs the hping2 tool to predict the target host's TCP sequence
numbers in one of his sessions.
What do the first and second columns mean? Select two.
A.
The first column reports the sequence number
B.
The second column reports the difference between the current and last sequence
number
C.
The second column reports the next sequence number
D.
The first column reports the difference between current and last sequence number
The first column reports the sequence number
The second column reports the difference between the current and last sequence
number