Topic 19, Evading IDS, Firewalls and Honeypots
Which one of the following attacks will pass through a network layer intrusion
detection system undetected?
A. A teardrop attack
B. A SYN flood attack
C. A DNS spoofing attack
D. A test.cgi attack
Answer: D. A test.cgi attack
Explanation: A network-layer IDS examines IP and TCP/UDP headers. That is exactly where a teardrop attack (overlapping IP fragments) and a SYN flood (a burst of SYNs that are never completed) show up, so a network-based IDS can detect those denial of service (DoS) attacks, and forged replies on UDP port 53 from DNS spoofing are likewise visible at that layer. A test.cgi attack is an application-layer attack: on the wire it is one ordinary HTTP request to an open port 80, and a sensor that does not inspect the HTTP payload cannot tell it from normal web traffic.
Not A or B: these are DoS attacks that a network-based IDS is built to recognise from headers alone. Possible DoS attacks of this kind include:
Smurf
Fraggle
SYN Flood
Teardrop
DNS DoS Attacks
While attempting to discover the remote operating system on the target computer,
you receive the following results from an nmap scan:
Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ )
Interesting ports on 172.121.12.222:
(The 1592 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open https
Remote operating system guess: Too many signatures match to reliably
guess the OS.
Nmap run completed - 1 IP address (1 host up) scanned in 277.483
seconds
What should be your next step to identify the OS?
A. Perform a firewalk with that system as the target IP
B. Perform a tcp traceroute to the system using port 53
C. Run an nmap scan with the -v -v option to give a better output
D. Connect to the active services and review the banner information
Answer: D. Connect to the active services and review the banner information
Explanation: Most administrators never change the banners that applications present on open ports, so connecting to the open services (21/ftp, 25/smtp, 80/http) and reading what they say usually gives fairly accurate information about the server software and, from it, the operating system family. An FTP or SMTP daemon greets the client with a version string as soon as the connection opens; a web server reveals its Server: header once it is sent a request such as HEAD / HTTP/1.0. A plain telnet or netcat connection is enough to collect these banners, and nmap -sV automates the same idea. Firewalking and TCP traceroute map the filtering device in front of the host rather than the host itself, and -v -v only makes nmap more verbose; neither adds OS information. Treat banners as a strong hint rather than proof, since they can be edited.
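The banner-grabbing step described above, as an added worked example that is not part of the original page. It connects to a service, sends a request only for protocols that expect the client to speak first (HTTP), and returns the first bytes the service sends. To run offline it starts throwaway local listeners that answer with constructed, hypothetical banners standing in for the FTP, SMTP and HTTP daemons on 172.121.12.222; the host name, port numbers and banner strings are assumptions, not output captured from that host.

```python
import socket
import socketserver
import ssl
import threading

# Constructed sample banners for the local stand-in services below; they are
# hypothetical strings, not output captured from the host in the question.
SAMPLE_BANNERS = {
    "ftp":  b"220 ProFTPD 1.3.5 Server (Debian) [::ffff:172.121.12.222]\r\n",
    "smtp": b"220 mail.example.test ESMTP Sendmail 8.15.2; Mon, 1 Jan 2024 00:00:00 +0000\r\n",
    "http": b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 0\r\n\r\n",
}

# FTP and SMTP speak first; HTTP waits for a request, so we send one to
# provoke the Server: header.
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n"


def grab_banner(host, port, probe=None, use_tls=False, timeout=3.0, max_bytes=2048):
    """Open a TCP connection, optionally send a probe, and return whatever the
    service says first (decoded leniently, since banners are not always ASCII)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if use_tls:  # e.g. port 443: the banner lives inside the TLS session
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE  # we want the banner, not trust
            sock = ctx.wrap_socket(sock, server_hostname=host)
        if probe:
            sock.sendall(probe)
        try:
            data = sock.recv(max_bytes)
        except socket.timeout:
            data = b""  # a service that says nothing until it gets valid input
    finally:
        sock.close()
    return data.decode("latin-1", errors="replace").strip()


def server_header(banner):
    """Pull the Server: header out of an HTTP response, else the first line."""
    for line in banner.splitlines():
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return banner.splitlines()[0] if banner else ""


class _BannerHandler(socketserver.BaseRequestHandler):
    def handle(self):
        if self.server.wait_for_request:
            self.request.recv(1024)  # HTTP-style: answer only after a request
        self.request.sendall(self.server.banner)


def start_fake_service(banner, wait_for_request=False):
    """Throwaway local listener on a random port that behaves like a service
    with the given banner (stands in for the real FTP/SMTP/HTTP daemons)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _BannerHandler)
    srv.banner = banner
    srv.wait_for_request = wait_for_request
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def demo():
    """Grab the banner from each stand-in service; returns {name: banner}."""
    results = {}
    for name, banner in SAMPLE_BANNERS.items():
        is_http = name == "http"
        srv, port = start_fake_service(banner, wait_for_request=is_http)
        try:
            results[name] = grab_banner("127.0.0.1", port, HTTP_PROBE if is_http else None)
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for name, banner in demo().items():
        print(f"{name:5s} -> {banner.splitlines()[0]}")
```

Against a real target replace the stand-in listeners with the host and ports from the nmap output; for 443 pass use_tls=True so the HTTP probe goes inside the TLS session. The timeout branch matters in practice: some daemons stay silent until they see a valid command, and a scanner that blocks forever on them never reaches the next port.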
All the web servers in the DMZ respond to an ACK scan on port 80. Why is this happening?
A. They are all Windows based webservers
B. They are all Unix based webservers
C. The company is not using an IDS
D. The company is not using a stateful firewall
Answer: D. The company is not using a stateful firewall
Explanation: An ACK scan (nmap -sA) sends a packet with only the ACK flag set, as if it belonged to an existing connection. A stateless packet filter judges each packet by its own headers, so an ACK to an allowed port is passed through, and the host behind it answers with a RST whether the port is open or closed (that is what a TCP stack does with an ACK that matches no connection); nmap reports the port as unfiltered. A stateful inspection firewall keeps a connection table and would know that no SYN and SYN-ACK preceded this ACK, so it drops the packet and nmap reports the port as filtered. Because every DMZ web server answers, the company is not using a stateful firewall. Note that the ACK scan says nothing about whether port 80 is open; it maps the firewall's rules, not the service.
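The difference explained above, as an added simulation that is not part of the original page: a stateless filter and a stateful filter are run over the same ACK probe and the same legitimate connection, with a small model of the web server's TCP stack behind them. The addresses and port numbers are constructed for the example, and the filters are simplified models of the two firewall types, not any vendor's implementation.

```python
from dataclasses import dataclass

SCANNER, TARGET = "198.51.100.7", "172.121.12.222"   # constructed addresses


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: "S" SYN, "SA" SYN-ACK, "A" ACK, "R" RST


class StatelessFilter:
    """Plain packet filter: judges each packet by its own header fields only."""
    def __init__(self, allowed_ports):
        self.allowed = set(allowed_ports)

    def inbound(self, p):
        return "pass" if p.dport in self.allowed else "drop"

    def outbound(self, p):
        return "pass"


class StatefulFilter:
    """Stateful inspection: an inbound packet is allowed only if it opens a new
    session on an allowed port (a SYN) or belongs to a session in the table."""
    def __init__(self, allowed_ports):
        self.allowed = set(allowed_ports)
        self.table = {}   # (src, sport, dst, dport) -> connection state

    def inbound(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S" and p.dport in self.allowed:
            self.table[key] = "SYN_RECEIVED"
            return "pass"
        state = self.table.get(key)
        if state is None:
            return "drop"   # no SYN / SYN-ACK preceded this packet: unsolicited
        if state == "SYN_ACK_SENT" and p.flags == "A":
            self.table[key] = "ESTABLISHED"
        return "pass"

    def outbound(self, p):
        key = (p.dst, p.dport, p.src, p.sport)   # look the session up reversed
        if p.flags == "SA" and self.table.get(key) == "SYN_RECEIVED":
            self.table[key] = "SYN_ACK_SENT"
        return "pass"


class Host:
    """The web server's TCP stack, as far as the scan is concerned."""
    def __init__(self, open_ports):
        self.open = set(open_ports)
        self.sessions = set()   # peers with a handshake in progress

    def reply(self, p):
        back = dict(src=p.dst, sport=p.dport, dst=p.src, dport=p.sport)
        peer = (p.src, p.sport, p.dport)
        if p.flags == "S" and p.dport in self.open:
            self.sessions.add(peer)
            return Packet(flags="SA", **back)
        if peer in self.sessions:
            return None   # segment of a known connection: nothing to send back
        # SYN to a closed port, or an ACK matching no connection: RST either way.
        return Packet(flags="R", **back)


def deliver(fw, host, p):
    """Push one packet through the firewall to the host; return the host's
    reply if the firewall lets it back out, else None."""
    if fw.inbound(p) != "pass":
        return None
    reply = host.reply(p)
    if reply is not None and fw.outbound(reply) == "pass":
        return reply
    return None


def ack_scan(fw, host, port):
    """What nmap -sA concludes for one port: RST back means 'unfiltered',
    silence means 'filtered'."""
    reply = deliver(fw, host, Packet(SCANNER, 40000, TARGET, port, "A"))
    return "unfiltered" if reply is not None and reply.flags == "R" else "filtered"


def handshake(fw, host, port, sport=40001):
    """A legitimate client connection, to show the stateful filter still admits it."""
    synack = deliver(fw, host, Packet(SCANNER, sport, TARGET, port, "S"))
    if synack is None or synack.flags != "SA":
        return "blocked"
    ack = Packet(SCANNER, sport, TARGET, port, "A")
    return "established" if fw.inbound(ack) == "pass" else "blocked"


if __name__ == "__main__":
    for name, fw in (("stateless", StatelessFilter({80})), ("stateful", StatefulFilter({80}))):
        print(f"{name}: ACK scan of 80 -> {ack_scan(fw, Host({80}), 80)}, "
              f"real connection -> {handshake(fw, Host({80}), 80)}")
```

Running ack_scan against a Host with no open ports gives the same "unfiltered" answer through the stateless filter, which is the practical caveat: the scan classifies the filtering device, and an "unfiltered" port still needs a SYN scan to learn whether anything listens there.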
Which of the following commands runs snort in packet logger mode?
A. ./snort -dev -h ./log
B. ./snort -dev -l ./log
C. ./snort -dev -o ./log
D. ./snort -dev -p ./log
Answer: B. ./snort -dev -l ./log
Explanation: -l <directory> is what puts Snort into packet logger mode, writing the captured packets under that directory instead of only printing them; -d dumps the application-layer data, -e shows the data-link (Ethernet) headers and -v prints packets to the console, so -dev alone is sniffer mode. -h sets the home network, -p turns promiscuous mode off and -o changes the rule order; none of them selects logging.
Note: If you want to store the packets in binary (tcpdump/pcap) format for later analysis, use ./snort -l ./log -b
An attacker is attempting to telnet into a corporation’s system in the DMZ. The
attacker doesn’t want to get caught and is spoofing his IP address. After numerous
tries he remains unsuccessful in connecting to the system. The attacker rechecks
that the target system is actually listening on Port 23 and he verifies it with both
nmap and hping2. He is still unable to connect to the target system.
What is the most probable reason?
A. The firewall is blocking port 23 to that system.
B. He cannot spoof his IP and successfully use TCP.
C. He needs to use an automated tool to telnet in.
D. He is attacking an operating system that does not reply to telnet even when open.
Answer: B. He cannot spoof his IP and successfully use TCP.
Explanation: Spoofing your source IP only works if you do not need an answer from the target system. Telnet runs over TCP, which begins with a three-way handshake: the target sends its SYN-ACK, and later the login prompt, to the “real” owner of the address shown as the connection initiator, not to the attacker. The attacker therefore never learns the initial sequence number the target chose and cannot send the ACK that would complete the connection, so every attempt fails even though port 23 is open. Classic blind-spoofing attacks got around this only by predicting the target's initial sequence number and silencing the host whose address was borrowed; modern TCP stacks randomise the initial sequence number precisely to close that door.
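The handshake failure described above, as an added simulation that is not part of the original page: a minimal TCP listener with a random initial sequence number (ISN) is connected to honestly and then with a forged source, and the same attack is repeated against a stand-in for an old stack whose ISN increases by a fixed step, to show why prediction once worked and why the spoofed host has to be kept quiet. The addresses, ports and the 64000 step are constructed for the example.

```python
import random

WRAP = 0xFFFFFFFF   # 32-bit sequence-number space


class PredictableIsn:
    """Stand-in for an old TCP stack whose initial sequence number rises by a
    fixed step per connection (the weakness classic spoofing attacks used)."""
    def __init__(self, start=1000, step=64000):
        self.value, self.step = start, step

    def getrandbits(self, _bits):
        self.value = (self.value + self.step) & WRAP
        return self.value


class TcpListener:
    """Passive-open side of the three-way handshake for one listening port."""
    def __init__(self, isn_source=None):
        self.isn_source = isn_source or random.SystemRandom()
        self.pending = {}        # (peer_ip, peer_port) -> (our ISN, their ISN)
        self.established = set()

    def on_syn(self, peer, client_isn):
        isn = self.isn_source.getrandbits(32)
        self.pending[peer] = (isn, client_isn)
        # The SYN-ACK is addressed to whatever source the SYN claimed.
        return {"to": peer[0], "port": peer[1], "flags": "SA",
                "seq": isn, "ack": (client_isn + 1) & WRAP}

    def on_ack(self, peer, seq, ack):
        if peer not in self.pending:
            return "RST"
        isn, client_isn = self.pending.pop(peer)
        if ack != (isn + 1) & WRAP or seq != (client_isn + 1) & WRAP:
            return "RST"         # ACK does not match our ISN: connection refused
        self.established.add(peer)
        return "ESTABLISHED"

    def on_rst(self, peer):
        self.pending.pop(peer, None)   # the half-open entry is discarded


class Network:
    """Delivers each packet to the address it names. Hosts listed in `alive`
    run a real TCP stack: a SYN-ACK they never asked for is answered with RST."""
    def __init__(self, server, alive=()):
        self.server, self.alive, self.inbox = server, set(alive), {}

    def send(self, pkt):
        if pkt["to"] in self.alive and pkt["flags"] == "SA":
            self.server.on_rst((pkt["to"], pkt["port"]))
        else:
            self.inbox.setdefault(pkt["to"], []).append(pkt)

    def receive(self, ip):
        return self.inbox.pop(ip, [])


def honest_connect(server, net, my_ip, my_port=40000):
    client_isn = random.getrandbits(32)
    net.send(server.on_syn((my_ip, my_port), client_isn))
    synack = net.receive(my_ip)[0]     # real source address: we see the SYN-ACK
    return server.on_ack((my_ip, my_port), synack["ack"], (synack["seq"] + 1) & WRAP)


def spoofed_connect(server, net, attacker_ip, spoofed_ip, isn_guess, port=40000):
    """SYN with a forged source; the attacker must supply the server's ISN blind."""
    client_isn = random.getrandbits(32)
    net.send(server.on_syn((spoofed_ip, port), client_isn))
    if net.receive(attacker_ip):
        raise RuntimeError("the SYN-ACK must never reach the attacker")
    return server.on_ack((spoofed_ip, port), (client_isn + 1) & WRAP, (isn_guess + 1) & WRAP)


def predict_next_isn(server, net, attacker_ip):
    """Two probe connections from the attacker's real address reveal the ISN
    step; the next ISN the server hands out is then predictable."""
    seen = []
    for sport in (50000, 50001):
        net.send(server.on_syn((attacker_ip, sport), random.getrandbits(32)))
        seen.append(net.receive(attacker_ip)[0]["seq"])
        server.on_rst((attacker_ip, sport))   # tear the probe down
    step = (seen[1] - seen[0]) & WRAP
    return (seen[1] + step) & WRAP


if __name__ == "__main__":
    srv, net = TcpListener(), None
    net = Network(srv)
    print("honest:", honest_connect(srv, net, "203.0.113.5"))
    print("spoofed, random ISN:", spoofed_connect(srv, net, "198.51.100.7", "10.0.0.9", 12345))
```

With the random-ISN listener the spoofed attempt is refused (the one-in-2^32 lucky guess aside), which is the situation in the question. Against PredictableIsn the attacker's prediction completes the handshake, but only while the spoofed host is absent from `alive`: once that host is up, its own RST to the unexpected SYN-ACK tears the half-open connection down before the forged ACK arrives, which is why the historical attack also had to SYN-flood the impersonated host.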